Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2005-06-22T04:00:00
Updated: 2024-08-07T22:15:36.858Z
Reserved: 2005-06-22T00:00:00
Link: CVE-2005-2048

No data.

Status : Modified
Published: 2005-06-22T04:00:00.000
Modified: 2024-11-20T23:58:40.993
Link: CVE-2005-2048

No data.