2 matches found
Sql injection
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum aka CAForum 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2006-2822
CVE-2006-2822 describes a SQL injection in CodeAvalanche FreeForum 1.0 (admin/default.asp) that allows remote attackers to run arbitrary SQL via the password parameter. The NVD record assigns a CVSS v2 base score of 7.5 (HIGH) with network attack vector and no authentication, indicating potential...