Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3201

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3201
Last Modified 05 Sep 2008 04:53:43
Published 14 Oct 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3201

Summary

SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter.

Vulnerable Systems


References

SECUNIA - 17115

XF - utopianewspro-news-sql-injection(22555)

CONFIRM - http://www.utopiasoftware.net/

BID - 15028

OSVDB - 19942

SECTRACK - 1015016

MISC - http://rgod.altervista.org/utopia113.html

BUGTRAQ - 20051007 Utopia News Pro 1.1.3 SQL Injection / cross site scripting


Last Updated: 27 May 2016 10:40:50