SQL injection vulnerability in DUware DUforum 3.0 up to and including 3.1 allows remote malicious users to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
duware duforum 3.1 |
||
duware duforum 3.0 |