CVE-2005-2323

Name of the Vulnerable Software and Affected Versions Class-1 Forum versions 0.23.2 through 0.24.4 Clever Copy with forums installed (affected versions not specified)

Description The issue allows remote attackers to modify SQL statements. This can be achieved via the id parameter to "viewattach.php", the viewuser id parameter to "users.php", or the id or forum parameters to "viewforum.php".

Recommendations For Class-1 Forum versions 0.23.2 through 0.24.4, consider restricting access to the "viewattach.php", "users.php", and "viewforum.php" scripts until a patch is available. For Clever Copy with forums installed, at the moment, there is no information about a newer version that contains a fix for this vulnerability.