CVE-2005-3682

Wizz Forum - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

Exploits (3)

exploitdb WORKING POC VERIFIED

by HACKERS PAL · perlwebappsphp

https://www.exploit-db.com/exploits/1322

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/26504

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/26503

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20846

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23170

[Third Party Advisory] http://securityreason.com/securityalert/181

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2421

[Mailing List] http://marc.info/?l=bugtraq&m=113201564319843&w=2

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20845

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23171

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15410/references

[Vendor Advisory] http://secunia.com/advisories/17548/

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20847

Scores

EPSS 0.0491

EPSS Percentile 89.6%

Details

Status published

Products (1)

wizz_forum/wizz_forum 1.20

Published Nov 18, 2005

Tracked Since Feb 18, 2026