PT-2005-1886 · Coolforum · Coolforum

Published

2005-03-24

Updated

2017-07-11

CVE-2005-0858

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CoolForum versions 0.8 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two different methods: (1) the pseudo parameter to "entete.php" or (2) the login parameter to "register.php".

Recommendations For CoolForum versions 0.8 and earlier, consider disabling the entete.php and register.php scripts until a patch is available to prevent exploitation via the pseudo and login parameters.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0858

Affected Products

Coolforum

PT-2005-1886 · Coolforum · Coolforum

CVE-2005-0858

Related Identifiers

Affected Products

References · 6