Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4382

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4382
Last Modified 08 Aug 2011 12:00:00
Published 19 Dec 2005 09:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4382

Summary

SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.

Vulnerable Systems

Application

  • Citysoft Community Enterprise


References

XF - communityenterprise-multiple-sql-injection(23818)

VUPEN - ADV-2005-2979

OSVDB - 21969

OSVDB - 21855

SECUNIA - 18145

MISC - http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html


Last Updated: 27 May 2016 10:41:16