Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-4226
Last Modified 07 Mar 2011 09:27:52
Published 14 Dec 2005 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4226

Summary

Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and (7) the sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.

Vulnerable Systems

Application

  • phpWebThings 1.4


References

VUPEN - ADV-2005-2860

BUGTRAQ - 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities

OSVDB - 21656

OSVDB - 21655

OSVDB - 21654

OSVDB - 21653

OSVDB - 21652

OSVDB - 21651

OSVDB - 21650

SECUNIA - 18011

MISC - http://glide.stanford.edu/yichen/research/sec.pdf

XF - phpwebthings-download-ref-sql-injection(23565)

BUGTRAQ - 20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities


Last Updated: 27 May 2016 10:41:12