{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15784", "refsource": "OSVDB", "url": "http://www.osvdb.org/15784" }, { "name": "20060423 BK Forum <= 4.0 Remote SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431863/100/0/threaded" }, { "name": "15786", "refsource": "OSVDB", "url": "http://www.osvdb.org/15786" }, { "name": "20050423 Multiple Sql injection vulnerabilities in BK Forum v.4", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=111428133317901&w=2" }, { "name": "15072", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15072" }, { "name": "1013793", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013793" }, { "name": "http://www.digitalparadox.org/advisories/bkdev.txt", "refsource": "MISC", "url": "http://www.digitalparadox.org/advisories/bkdev.txt" }, { "name": "15785", "refsource": "OSVDB", "url": "http://www.osvdb.org/15785" }, { "name": "20060421 BK Forum <<--V.4.0 SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431659/100/0/threaded" } ] } }