Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3365
Last Modified 16 Sep 2009 12:00:00
Published 30 Oct 2005 09:34:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3365

Summary

Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and (4) the cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.

Vulnerable Systems

Application

  • Codeworx Technologies Dcp-portal 3.7

  • Codeworx Technologies Dcp-portal 4.0

  • Codeworx Technologies Dcp-portal 4.1

  • Codeworx Technologies Dcp-portal 4.2

  • Codeworx Technologies Dcp-portal 4.5.1

  • Codeworx Technologies Dcp-portal 5.0.1

  • Codeworx Technologies Dcp-portal 5.0.2

  • Codeworx Technologies Dcp-portal 5.1

  • Codeworx Technologies Dcp-portal 5.2

  • Codeworx Technologies Dcp-portal 5.3

  • Codeworx Technologies Dcp-portal 5.3.1

  • Codeworx Technologies Dcp-portal 5.3.2

  • Codeworx Technologies Dcp-portal 6.0


References

XF - dcpportal-index-sql-injection(39447)

XF - dcpportal-multiple-php-sql-injection(22855)

BID - 27167

BID - 15183

BUGTRAQ - 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities

OSVDB - 20494

OSVDB - 20493

MILW0RM - 4853

SREASON - 108

SECUNIA - 12751

BUGTRAQ - 20051024 DCP - portal XSS & SQL attacks

MISC - http://glide.stanford.edu/yichen/research/sec.pdf


Last Updated: 27 May 2016 10:40:54