CVE-2005-2323 | Vulnerability Database | Aqua Security

Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.

Affected Software

Name	Vendor	Start Version	End Version
Class-1_forum	Class-1	0.23.2 (including)	0.23.2 (including)
Class-1_forum	Class-1	0.24.4 (including)	0.24.4 (including)
Clever_copy	Clever_copy	*	*

References

http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html
http://secunia.com/advisories/16078
http://securitytracker.com/id?1014485
http://securitytracker.com/id?1014486
http://www.osvdb.org/17921
http://www.osvdb.org/17922
http://www.osvdb.org/17923
http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html
http://secunia.com/advisories/16078
http://securitytracker.com/id?1014485
http://securitytracker.com/id?1014486
http://www.osvdb.org/17921
http://www.osvdb.org/17922
http://www.osvdb.org/17923

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2323
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html