ID: OSVDB:16326
Type: osvdb
Reporter: Lostmon Lords(Lostmon@gmail.com)
Modified: 2005-05-11T10:13:02
Description
Vulnerability Description
Quick.Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'iCategory' and 'page' variables in the 'index.php' script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
{"type": "osvdb", "published": "2005-05-11T10:13:02", "href": "https://vulners.com/osvdb/OSVDB:16326", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 0, "edition": 1, "reporter": "Lostmon Lords(Lostmon@gmail.com)", "title": "Quick.Forum index.php Multiple Variable SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "2.1.6", "name": "Quick.Forum"}], "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2017-04-28T13:20:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1585"]}], "modified": "2017-04-28T13:20:12", "rev": 2}, "vulnersScore": 6.6}, "references": [], "id": "OSVDB:16326", "lastseen": "2017-04-28T13:20:12", "cvelist": ["CVE-2005-1585"], "modified": "2005-05-11T10:13:02", "description": "## Vulnerability Description\nQuick.Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'iCategory' and 'page' variables in the 'index.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nQuick.Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'iCategory' and 'page' variables in the 'index.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.\n## Manual Testing Notes\nhttp://[victim]/forum/index.php?p=&iCategory=3%20or%201=1\nhttp://[victim]/forum/index.php?p=topicsList&page=4%20or%201=1\nhttp://[victim]/forum/?p=&iCategory=2%20or%201=1\n## References:\nVendor URL: http://qc.dotgeek.org/os/index.php?p=productsQuickForum\n[Secunia Advisory ID:15200](https://secuniaresearch.flexerasoftware.com/advisories/15200/)\n[Related OSVDB ID: 16328](https://vulners.com/osvdb/OSVDB:16328)\n[Related OSVDB ID: 16329](https://vulners.com/osvdb/OSVDB:16329)\n[Related OSVDB ID: 16327](https://vulners.com/osvdb/OSVDB:16327)\nOther Advisory URL: http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html\n[CVE-2005-1585](https://vulners.com/cve/CVE-2005-1585)\n"}
{"cve": [{"lastseen": "2020-10-03T11:34:54", "description": "Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory.", "edition": 3, "cvss3": {}, "published": "2005-05-11T04:00:00", "title": "CVE-2005-1585", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1585"], "modified": "2008-09-05T20:49:00", "cpe": ["cpe:/a:open_solution:quick.forum:2.1.6"], "id": "CVE-2005-1585", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1585", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:open_solution:quick.forum:2.1.6:*:*:*:*:*:*:*"]}]}