Description
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Alexander Antipov · textwebappsasp
https://www.exploit-db.com/exploits/23331
References (7)
Core 7
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8957
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/2768
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10137
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/343175
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13581
Patch mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/343314
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1008100
Scores
EPSS
0.0788
EPSS Percentile
92.0%
Details
Status
published
Products (3)
bdc_enterprises/web_wiz_forums
6.34
bdc_enterprises/web_wiz_forums
7.01
bdc_enterprises/web_wiz_forums
7.5
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026