- Description
- Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:class-1:class-1_forum:0.23.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CBCD404-9538-421E-91D9-D926961B52C3"
},
{
"criteria": "cpe:2.3:a:class-1:class-1_forum:0.24.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4A9B91F-6D3C-4D7E-BEFA-623BF5E8F980"
},
{
"criteria": "cpe:2.3:a:clever_copy:clever_copy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0533A346-38E0-4F1B-975E-ED8692E7CA7C"
}
],
"operator": "OR"
}
]
}
]