CVE-2005-2048 Information

Description

Multiple SQL injection vulnerabilities in DUware DUforum 3.1 and possibly other versions allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp iFor parameter to (2) post.asp or (3) forums.asp or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

Reference

http://echo.or.id/adv/adv19-theday-2005.txt http://marc.info/?l=bugtraq&m=111945219205114&w=2 http://www.securityfocus.com/archive/1/453330/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/30668