Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2045

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2045
Last Modified 05 Sep 2008 04:50:44
Published 22 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2045

Summary

Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp.

Vulnerable Systems

Application

  • Duware Duportal Pro 3.4.3


References

BUGTRAQ - 20050622 [ECHO_ADV_19$2005] Multiple SQL INJECTION in DUWARE Products

MISC - http://echo.or.id/adv/adv19-theday-2005.txt

OSVDB - 17599

OSVDB - 17598

OSVDB - 17597


Last Updated: 27 May 2016 10:40:22