Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1176

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2003-1176
Last Modified 05 Sep 2008 04:36:14
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1176

Summary

post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.

Vulnerable Systems

Application

  • Bdc Enterprises Web Wiz Forums 6.34

  • Bdc Enterprises Web Wiz Forums 7.01

  • Bdc Enterprises Web Wiz Forums 7.5


References

BUGTRAQ - 20031104 Re: Unauthorized access in Web Wiz Forum

XF - webwizforums-quotemode-message-access(13581)

BID - 8957

BUGTRAQ - 20031102 Unauthorized access in Web Wiz Forum

OSVDB - 2768

SECTRACK - 1008100

SECUNIA - 10137


Last Updated: 27 May 2016 10:38:16