GCVE - cpe:2.3:a:duware:duforum:3.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:duware:duforum:3.1:*:*:*:*:*:*:*

part: a version: 3.1 update: *

Vendor	Duware (`a7e4dbbd-0fa1-58a2-ad48-648c67f14a28`)
Product	Duforum (`65c6e444-e220-5862-92b7-1aec3389ef47`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2005-2048`	vulnerable	2026-06-03 14:27:00.918625	Details available Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0. Published: 2005-06-22T04:00:00.000Z Updated: 2024-08-07T22:15:36.858Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=111945219205114&w=2 http://www.securityfocus.com/archive/1/453330/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/30668 http://echo.or.id/adv/adv19-theday-2005.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2201`	vulnerable	2026-06-03 14:26:46.686525	Details available SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. Published: 2005-07-10T04:00:00.000Z Updated: 2024-08-08T01:22:12.258Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/11363 http://www.securitytracker.com/alerts/2004/Oct/1011595.html http://www.osvdb.org/10665 http://www.osvdb.org/10666 http://www.osvdb.org/10664	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2200`	vulnerable	2026-06-03 14:26:46.686104	Details available Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text. Published: 2005-07-10T04:00:00.000Z Updated: 2024-08-08T01:22:12.261Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/11363 http://www.securitytracker.com/alerts/2004/Oct/1011595.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17681 http://www.osvdb.org/10667	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.