Vulnerability Description
Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoneo-Soft | Freeforum | <= 1.1 |
References
- http://pridels0.blogspot.com/2005/11/freeforum-1x-cat-and-thread-sql-inj.html
- http://secunia.com/advisories/17720 (Vendor Advisory)
- http://securitytracker.com/id?1015269
- http://www.osvdb.org/21086
- http://www.securityfocus.com/bid/15559
- http://www.vupen.com/english/advisories/2005/2571
FAQ
What is CVE-2005-3816?
CVE-2005-3816 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter ...
How severe is CVE-2005-3816?
CVE-2005-3816 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-3816?
Check the references section above for vendor advisories and patch information. Affected products include: Zoneo-Soft Freeforum.