CVE-2005-3682

Description

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23171

https://exchange.xforce.ibmcloud.com/vulnerabilities/23170

http://www.vupen.com/english/advisories/2005/2421

http://www.securityfocus.com/bid/15410/references

http://www.osvdb.org/20847

http://www.osvdb.org/20846

http://www.osvdb.org/20845

http://securityreason.com/securityalert/181

http://secunia.com/advisories/17548/

http://marc.info/?l=bugtraq&m=113201564319843&w=2

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS