Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1236

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1236
Last Modified 05 Sep 2008 04:48:36
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1236

Summary

Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.

Vulnerable Systems

Application

  • Duware Duportal 3.1.2

  • Duware Duportal 3.1.2 Sql


References

BID - 13288

MISC - http://www.digitalparadox.org/advisories/dup.txt

SECUNIA - 15044


Last Updated: 27 May 2016 10:40:05