Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2902

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2902
Last Modified 05 Sep 2008 04:52:58
Published 14 Sep 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2902

Summary

SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file.

Vulnerable Systems


References

XF - class1forum-unknown-sql-injection(22209)

BID - 14774

MISC - http://www.rgod.altervista.org/class1.html

SECUNIA - 16762

BUGTRAQ - 20050908 class-1 Forum Software v 0.24.4 Remote code execution


Last Updated: 27 May 2016 10:40:40