2 matches found
CVE-2006-2927
CVE-2006-2927 covers multiple cross-site scripting (XSS) vulnerabilities in post.asp of CodeAvalanche FreeForum (aka CAForum) 1.0. They allow an attacker to inject arbitrary script or HTML via the msg_subject or msg_body parameters. The...
CVE-2006-2822
CVE-2006-2822 describes a SQL injection in CodeAvalanche FreeForum 1.0 (admin/default.asp) that allows remote attackers to run arbitrary SQL via the password parameter. The NVD record assigns a CVSS v2 base score of 7.5 (HIGH), with a network attack vector and no authentication required, indicating potential...