CVE-2006-3332 Information

Description

SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset (2) tid (3) fromid (4) sortby (5) fromfrommethod and (6) fromfromlist parameters.

Reference

http://pridels0.blogspot.com/2006/06/zorum-forum-35-vuln.html http://securitytracker.com/id?1016386 http://www.securityfocus.com/bid/18681 https://exchange.xforce.ibmcloud.com/vulnerabilities/24372