Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-4223
Last Modified: 07 Mar 2011 09:27:51
Published: 14 Dec 2005 06:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-4223

Summary

Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.

Vulnerable Systems

Application

  • Utopia Software Utopia News Pro 1.1.4


References

OSVDB - 21649

OSVDB - 21648

OSVDB - 21647

OSVDB - 21646

OSVDB - 21645

SECUNIA - 17988

VUPEN - ADV-2005-2859

BUGTRAQ - 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities

MISC - http://glide.stanford.edu/yichen/research/sec.pdf

XF - utopianewspro-editnews-sql-injection(23564)

BUGTRAQ - 20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities


Last Updated: 27 May 2016 10:41:12