Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-06-22T04:00:00

Updated: 2024-08-07T22:15:36.858Z

Reserved: 2005-06-22T00:00:00

Link: CVE-2005-2048

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-06-22T04:00:00.000

Modified: 2024-11-20T23:58:40.993

Link: CVE-2005-2048

cve-icon Redhat

No data.