Arbitrary SQL Execution and File Extension Bypass Vulnerability in class-1 Forum Software 0.24.4

Arbitrary SQL Execution and File Extension Bypass Vulnerability in class-1 Forum Software 0.24.4

CVE-2005-2902 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file.

Learn more about our Web Application Penetration Testing UK.