CVE-2004-2201

DUware DUforum <3.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-2201. PoCs published by Soroosh Dalili.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in DUclassmate, DUclassified, and DUforum, including SQL injection and HTML injection. It includes a basic SQL injection example for authentication bypass.

Description

SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the (1) FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Soroosh Dalili · text · webapps · asp
https://www.exploit-db.com/exploits/24673

The provided text describes multiple vulnerabilities in DUclassmate, DUclassified, and DUforum, including SQL injection and HTML injection. It includes a basic SQL injection example for authentication bypass.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUclassmate, DUclassified, DUforum
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Soroosh Dalili · text · webapps · asp
https://www.exploit-db.com/exploits/24674

The provided text describes multiple vulnerabilities in DUclassmate, DUclassified, and DUforum, including SQL injection and HTML injection. It includes an example SQL injection payload but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUclassmate, DUclassified, DUforum
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Soroosh Dalili · text · webapps · asp
https://www.exploit-db.com/exploits/24675

The provided text is a vulnerability writeup describing SQL injection and HTML injection vulnerabilities in DUclassmate, DUclassified, and DUforum. It includes an example SQL injection payload but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUclassmate, DUclassified, DUforum
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/10665
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/10666
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/10664
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17680
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11363
Exploit vdb-entry x_refsource_sectrack
http://www.securitytracker.com/alerts/2004/Oct/1011595.html

Scores

EPSS 0.0129
EPSS Percentile 66.6%

Details

Status published
Products (2)
duware/duforum 3.0
duware/duforum 3.1
Published Dec 31, 2004
Tracked Since Feb 18, 2026