CVE-2005-4141
published 2005-12-09
Priority P339 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.29% (66.6th percentile)
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp.
GHSA
GHSA-2h6c-9r57-fm42 (CVE-2005-4141) [HIGH]
ghsa_unreviewed·2022-05-01
GHSA
GHSA-v489-r8f5-qhp8 (CVE-2006-6270) [HIGH]
ghsa_unreviewed·2022-05-01·CVSS 7.5
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.
No detection rules found.
Exploit-DB
ASPMForum - 'kullanicilistesi.asp?harf' SQL Injection
exploitdb·2005-12-07
---
source: https://www.securityfocus.com/bid/15767/info
ASPMForum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/aspmforum/kullanicilistesi.asp?harf=[sql injection]
Exploit-DB
ASPMForum - 'forum.asp?baslik' SQL Injection
exploitdb·2005-12-07
---
source: https://www.securityfocus.com/bid/15767/info
ASPMForum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/aspmforum/forum.asp?baslik=[sql injection]
No writeups or analysis indexed.
http://secunia.com/advisories/17954
http://www.osvdb.org/21538
http://www.osvdb.org/21539
http://www.securityfocus.com/bid/15767
http://www.vupen.com/english/advisories/2005/2809
https://exchange.xforce.ibmcloud.com/vulnerabilities/23535