ID CVE-2005-3682
Summary Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.
References
Vulnerable Configurations
  • cpe:2.3:a:wizz_forum:wizz_forum:1.20
    cpe:2.3:a:wizz_forum:wizz_forum:1.20
CVSS
Base: 7.5 (as of 30-11-2005 - 14:06)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Wizz Forum ForumAuthDetails.php AuthID Parameter SQL Injection. CVE-2005-3682. Webapps exploit for php platform
    id EDB-ID:26503
    last seen 2016-02-03
    modified 2005-11-14
    published 2005-11-14
    reporter HACKERS PAL
    source https://www.exploit-db.com/download/26503/
    title Wizz Forum ForumAuthDetails.php AuthID Parameter SQL Injection
  • description Wizz Forum 1.20 (TopicID) Remote SQL Injection Exploit. CVE-2005-3682. Webapps exploit for php platform
    id EDB-ID:1322
    last seen 2016-01-31
    modified 2005-11-14
    published 2005-11-14
    reporter HACKERS PAL
    source https://www.exploit-db.com/download/1322/
    title Wizz Forum 1.20 TopicID Remote SQL Injection Exploit
  • description Wizz Forum ForumReply.php TopicID Parameter SQL Injection. CVE-2005-3682. Webapps exploit for php platform
    id EDB-ID:26504
    last seen 2016-02-03
    modified 2005-11-14
    published 2005-11-14
    reporter HACKERS PAL
    source https://www.exploit-db.com/download/26504/
    title Wizz Forum ForumReply.php TopicID Parameter SQL Injection
refmap via4
bid 15410
bugtraq 20051112 Multible Sql injections in Wizz Forum
osvdb
  • 20845
  • 20846
  • 20847
secunia 17548
sreason 181
vupen ADV-2005-2421
xf
  • wizz-forumauthdetails-sql-injection(23170)
  • wizz-topicid-sql-injection(23171)
Last major update 17-10-2016 - 23:36
Published 18-11-2005 - 18:03
Last modified 10-07-2017 - 21:33
Back to Top