Title : Quicksilver Forums "HTTP_USER_AGENT" SQL Injection Vulnerability VUPEN ID : VUPEN/ADV-2005-2729 CVE ID : CVE-2005-4030
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-12-05
Technical Description
A vulnerability has been identified in Quicksilver Forums, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error when processing a specially crafted "HTTP_USER_AGENT" header, which may be exploited by malicious users to conduct SQL injection attacks.
