Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1562

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1562
Last Modified 05 Sep 2008 04:49:28
Published 11 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1562

Summary

Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp.

Vulnerable Systems

Application

  • Maxwebportal 1.3.0

  • Maxwebportal 1.3.1

  • Maxwebportal 1.3.2

  • Maxwebportal 1.3.3

  • Maxwebportal 1.3.5

  • Maxwebportal 1.30

  • Maxwebportal 1.31

  • Maxwebportal 2.0


References

XF - maxwebportal-postasp-sql-injection(20562)

SECUNIA - 15329

BID - 13601

OSVDB - 16510

OSVDB - 16506

OSVDB - 16504

OSVDB - 16503

OSVDB - 16502

MISC - http://www.hackerscenter.com/archive/view.asp?id=2542

BUGTRAQ - 20050511 [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS


Last Updated: 27 May 2016 10:40:12