CVE-2005-1287 - Pathless Levers

Description

Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp (2) forum parameter to forum.asp or (3) various parameters in register.asp.

Reference

http://www.digitalparadox.org/advisories/bkdev.txt http://secunia.com/advisories/15072 http://securitytracker.com/id?1013793 http://www.osvdb.org/15784 http://www.osvdb.org/15785 http://www.osvdb.org/15786 http://marc.info/?l=bugtraq&m=111428133317901&w=2 http://www.securityfocus.com/archive/1/431863/100/0/threaded http://www.securityfocus.com/archive/1/431659/100/0/threaded