CVE-2005-3682

Published Nov 18, 2005

Last updated 7 years ago

Overview

Description: Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wizz_forum:wizz_forum:1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7215D4C1-BC2B-4E69-805E-E5D6A3C40879"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2005-3682
http://marc.info/?l=bugtraq&m=113201564319843&w=2
http://secunia.com/advisories/17548/
http://securityreason.com/securityalert/181
http://www.osvdb.org/20845
http://www.osvdb.org/20846
http://www.osvdb.org/20847
http://www.securityfocus.com/bid/15410/references
http://www.vupen.com/english/advisories/2005/2421
https://exchange.xforce.ibmcloud.com/vulnerabilities/23170
https://exchange.xforce.ibmcloud.com/vulnerabilities/23171

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References