Magic Forum Personal - 'view_thread.cfm' Multiple SQL Injections

EDB-ID:

26765


Author:

r0t

Type:

webapps


Platform:

CFM

Date:

2005-12-08


source: https://www.securityfocus.com/bid/15774/info
  
CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
  
These vulnerabilities allow an attacker to inject malicious SQL code into database queries, and conduct cross-site scripting attacks.
  
Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior are vulnerable.
  
Other versions of these applications may also be affected. 

http://www.example.com/view_thread.cfm?ForumID=1[SQL]

http://www.example.com/view_thread.cfm?ForumID=1&ThreadID=1&Thread=1[SQL]

http://www.example.com/view_thread.cfm?ForumID=1&ThreadID=1[SQL]