Description
Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dj_Eyes · textwebappsasp
https://www.exploit-db.com/exploits/27174
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16563
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24616
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015600
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-February/000561.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23509
Scores
EPSS
0.0063
EPSS Percentile
70.5%
Details
Status
published
Products (1)
gasoft/gas_forum_light
Published
Feb 13, 2006
Tracked Since
Feb 18, 2026