← back
CVE-2005-2048

CVE-2005-2048

EPSS 2.4%
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.
Affected products
n/a · n/a
public PoCs found4
exploitdbwww.exploit-db.com/exploits/25870unverifiedexploitdbwww.exploit-db.com/exploits/25868unverifiedexploitdbwww.exploit-db.com/exploits/25869unverifiedexploitdbwww.exploit-db.com/exploits/25871unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://echo.or.id/adv/adv19-theday-2005.txthttp://marc.info/?l=bugtraq&m=111945219205114&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/30668http://www.securityfocus.com/archive/1/453330/100/0/threaded