Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1417

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1417
Last Modified 05 Sep 2008 04:49:05
Published 03 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1417

Summary

Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp.

Vulnerable Systems

Application

  • Maxwebportal 1.3.0

  • Maxwebportal 1.3.1

  • Maxwebportal 1.3.2

  • Maxwebportal 1.3.3

  • Maxwebportal 1.3.5

  • Maxwebportal 2.0


References

CONFIRM - http://www.maxwebportal.info/downloads/mwp_security_fixes.zip

BID - 13466

SECTRACK - 1013845

SECUNIA - 15214

CONFIRM - http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update


Last Updated: 27 May 2016 10:40:09