DUforum Login Form Password Parameter SQL Injection

2004-10-11T00:00:00
ID OSVDB:10664
Type osvdb
Reporter Soroush Dalili (irsdl@yahoo.com)
Modified 2004-10-11T00:00:00

Description

Vulnerability Description

DUforum contains a flaw that allows an attacker to inject arbitrary SQL code. The password parameter in the login form is not properly validated, which allows an attacker to inject into or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


References:

Vendor URL: http://www.duware.com
Security Tracker: 1011595
Related OSVDB ID: 10665
Related OSVDB ID: 10667
Related OSVDB ID: 10666
ISS X-Force ID: 17680
CVE-2004-2201
Bugtraq ID: 11363