Lucene search

[email protected]CVE-2003-1176

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2003-1176

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

web wiz forums

post_message_form.asp

remote attack

private forums

security vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.

Affected configurations

NVD

Node

bdc_enterprisesweb_wiz_forumsMatch6.34

bdc_enterprisesweb_wiz_forumsMatch7.01

bdc_enterprisesweb_wiz_forumsMatch7.5

CPENameOperatorVersion
bdc_enterprises:web_wiz_forumsbdc enterprises web wiz forumseq6.34
bdc_enterprises:web_wiz_forumsbdc enterprises web wiz forumseq7.01
bdc_enterprises:web_wiz_forumsbdc enterprises web wiz forumseq7.5

CPE	Name	Operator	Version
bdc_enterprises:web_wiz_forums	bdc enterprises web wiz forums	eq	6.34
bdc_enterprises:web_wiz_forums	bdc enterprises web wiz forums	eq	7.01
bdc_enterprises:web_wiz_forums	bdc enterprises web wiz forums	eq	7.5

References

secunia.com/advisories/10137

securitytracker.com/id?1008100

www.osvdb.org/2768

www.securityfocus.com/archive/1/343175

www.securityfocus.com/archive/1/343314

www.securityfocus.com/bid/8957

exchange.xforce.ibmcloud.com/vulnerabilities/13581

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for CVE-2003-1176

cvelist1 nvd1