SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zixforum | John_andersson | 1.12 (including) | 1.12 (including) |
References
- http://securitytracker.com/id?1015359
- http://www.attrition.org/pipermail/vim/2006-April/000687.html
- http://www.osvdb.org/22096
- http://www.securityfocus.com/bid/16406
- http://securitytracker.com/id?1015359
- http://www.attrition.org/pipermail/vim/2006-April/000687.html
- http://www.osvdb.org/22096
- http://www.securityfocus.com/bid/16406