CVE-2004-2201
Published 2004-12-31
Priority: P3 (39)
CVSS 2.0: 7.5 (high), vector AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.29% (66.6th percentile)
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the (1) FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| duware | duforum | — | — |
| duware | duforum | — | — |
No detection rules found.
Exploit-DB
DUforum 3.x - 'messages.asp?FOR_ID' SQL Injection
exploitdb·2004-10-11
---
source: https://www.securityfocus.com/bid/11363/info
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.
DUclassmate may allow unauthorized remote attackers to gain access to a computer.
DUclassified is reported prone to multiple SQL injection vulnerabilities.
SQL injection issues also affect DUforum.
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.
http://www.example.com/DUforum/messages.asp?FOR_ID=1;[SQL INJECT]
Exploit-DB
DUforum 3.x - Login Form 'Password' SQL Injection
exploitdb·2004-10-11
---
source: https://www.securityfocus.com/bid/11363/info
user= admin
password= ' or '1'='1
Exploit-DB
DUforum 3.x - 'messageDetail.asp?MSG_ID' SQL Injection
exploitdb·2004-10-11
---
source: https://www.securityfocus.com/bid/11363/info
http://www.example.com/DUforum/messageDetail.asp?MSG_ID=1;[SQL INJECT]
No writeups or analysis indexed.
http://www.osvdb.org/10664
http://www.osvdb.org/10665
http://www.osvdb.org/10666
http://www.securityfocus.com/bid/11363
http://www.securitytracker.com/alerts/2004/Oct/1011595.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/17680