CVE-2005-3682

Wizz Forum - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

Exploits (3)

exploitdb WORKING POC VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/26503

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/26504

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by HACKERS PAL · perlwebappsphp

https://www.exploit-db.com/exploits/1322

View Code ZIP pw:eip

References (10)

[Mailing List] http://marc.info/?l=bugtraq&m=113201564319843&w=2

[Vendor Advisory] http://secunia.com/advisories/17548/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23170

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15410/references

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23171

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20845

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20846

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20847

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2421

[Third Party Advisory] http://securityreason.com/securityalert/181

Scores

EPSS 0.0491

EPSS Percentile 89.4%

Classification

Status draft

Affected Products (1)

wizz_forum/wizz_forum

Timeline

Published Nov 18, 2005

Tracked Since Feb 18, 2026