SQL Injection Vulnerability in Vegas Forum

Summary

Vulnerability: SQL Injection Vulnerability in Vegas Forum
Discovered: 2006.03.03
Last Update: 2006.03.13 Exploitation code published
ID: EV0090
CVE: CVE-2006-1020
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: Vegas Forum (http://www.battlereports.com/downloads.php)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

SQL Injection found in Vegas Forum (http://www.battlereports.com/downloads.php) script.

Vulnerable script: forumlib.php

Variable $postid isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.

SQL Injection Example:

http://host/forum.php?postid=999%20or%201

Solution for "SQL Injection Vulnerability in Vegas Forum" is not available. Check vendor's website for updates.