CVE-2005-1224

Sažetak

Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.

Reference

http://marc.info/?l=bugtraq&m=111401172901705&w=2
http://secunia.com/advisories/15031
http://www.digitalparadox.org/advisories/duppro.txt
http://www.securiteam.com/windowsntfocus/5TP0O0AFFQ.html
http://www.securityfocus.com/archive/1/453316/100/0/threaded
http://www.securityfocus.com/bid/13285
https://exchange.xforce.ibmcloud.com/vulnerabilities/20197
https://exchange.xforce.ibmcloud.com/vulnerabilities/30671

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:31

Objavljeno

02-05-2005 - 04:00