9.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.
CPE | Name | Operator | Version |
---|---|---|---|
wizz_forum:wizz_forum | wizz forum | eq | 1.20 |
marc.info/?l=bugtraq&m=113201564319843&w=2
secunia.com/advisories/17548/
securityreason.com/securityalert/181
www.osvdb.org/20845
www.osvdb.org/20846
www.osvdb.org/20847
www.securityfocus.com/bid/15410/references
www.vupen.com/english/advisories/2005/2421
exchange.xforce.ibmcloud.com/vulnerabilities/23170
exchange.xforce.ibmcloud.com/vulnerabilities/23171