CVE-2005-4334

Name of the Vulnerable Software and Affected Versions ZixForum version 1.12

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the H ID parameter to API endpoints such as "zixforum/forum.asp", which is also used in "Headforums.asp" and "Subject.asp".

Recommendations For ZixForum version 1.12, consider restricting access to the H ID parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the H ID parameter in the "zixforum/forum.asp" endpoint, as well as in "Headforums.asp" and "Subject.asp", to minimize the risk of exploitation.