CVE-2004-2201

DUware DUforum <3.1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.

Exploits (3)

exploitdb WRITEUP VERIFIED

by Soroosh Dalili · textwebappsasp

https://www.exploit-db.com/exploits/24673

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Soroosh Dalili · textwebappsasp

https://www.exploit-db.com/exploits/24674

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Soroosh Dalili · textwebappsasp

https://www.exploit-db.com/exploits/24675

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/10665

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/10666

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/10664

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17680

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11363

Exploit vdb-entry x_refsource_sectrack

http://www.securitytracker.com/alerts/2004/Oct/1011595.html

Scores

EPSS 0.0084

EPSS Percentile 74.9%

Details

Status published

Products (2)

duware/duforum 3.0

duware/duforum 3.1

Published Dec 31, 2004

Tracked Since Feb 18, 2026