Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1413

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1413
Last Modified 05 Sep 2008 04:49:05
Published 03 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1413

Summary

Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp.

Vulnerable Systems

Application

  • Envivosoft Envivo Cms 3.54


References

XF - envivo-username-password-sql-injection(20313)

BID - 13440

BID - 13439

BID - 13437

OSVDB - 15966

OSVDB - 15965

SECTRACK - 1013843

SECUNIA - 15173

MISC - http://digitalparadox.org/viewadvisories.ah?view=37

BID - 24860

OSVDB - 15964

MISC - http://securityvulns.ru/Rdocument425.html

FULLDISC - 20070711 durito: enVivo!CMS SQL injection


Last Updated: 27 May 2016 10:40:09