CVE-2004-2201 - Hebrew Navigation

Description

SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp (2) MSG_ID parameter in messageDetail.asp or (3) password parameter in the login form.

Reference

http://www.securityfocus.com/bid/11363 http://www.osvdb.org/10664 http://www.osvdb.org/10665 http://www.osvdb.org/10666 http://www.securitytracker.com/alerts/2004/Oct/1011595.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17680