Vulnerability Description
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Class-1 | Class-1 Forum | 0.23.2 |
| Clever Copy | Clever Copy | All versions |
References
- http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.htmlExploitVendor Advisory
- http://secunia.com/advisories/16078Vendor Advisory
- http://securitytracker.com/id?1014485Exploit
- http://securitytracker.com/id?1014486Exploit
- http://www.osvdb.org/17921
- http://www.osvdb.org/17922
- http://www.osvdb.org/17923
- http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.htmlExploitVendor Advisory
- http://secunia.com/advisories/16078Vendor Advisory
- http://securitytracker.com/id?1014485Exploit
- http://securitytracker.com/id?1014486Exploit
- http://www.osvdb.org/17921
- http://www.osvdb.org/17922
- http://www.osvdb.org/17923
FAQ
What is CVE-2005-2323?
CVE-2005-2323 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach...
How severe is CVE-2005-2323?
CVE-2005-2323 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2323?
Check the references section above for vendor advisories and patch information. Affected products include: Class-1 Class-1 Forum, Clever Copy Clever Copy.