Vulnerability Description
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Duware | Duforum | 3.0 |
References
- http://www.osvdb.org/10664
- http://www.osvdb.org/10665
- http://www.osvdb.org/10666
- http://www.securityfocus.com/bid/11363Exploit
- http://www.securitytracker.com/alerts/2004/Oct/1011595.htmlExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17680
- http://www.osvdb.org/10664
- http://www.osvdb.org/10665
- http://www.osvdb.org/10666
- http://www.securityfocus.com/bid/11363Exploit
- http://www.securitytracker.com/alerts/2004/Oct/1011595.htmlExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17680
FAQ
What is CVE-2004-2201?
CVE-2004-2201 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail....
How severe is CVE-2004-2201?
CVE-2004-2201 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2201?
Check the references section above for vendor advisories and patch information. Affected products include: Duware Duforum.