Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1287

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1287
Last Modified 05 Sep 2008 04:48:44
Published 23 Apr 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1287

Summary

Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.

Vulnerable Systems

Application

  • Bk Dev Bk Forum 4


References

MISC - http://www.digitalparadox.org/advisories/bkdev.txt

SECTRACK - 1013793

SECUNIA - 15072

BUGTRAQ - 20060423 BK Forum <= 4.0 Remote SQL Injection

BUGTRAQ - 20060421 BK Forum <<--V.4.0 SQL Injection

OSVDB - 15786

OSVDB - 15785

OSVDB - 15784

BUGTRAQ - 20050423 Multiple Sql injection vulnerabilities in BK Forum v.4


Last Updated: 27 May 2016 10:40:06