Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-4515
Last Modified 05 Aug 2011 12:00:00
Published 22 Dec 2005 08:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4515

Summary

** DISPUTED ** SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is not now possible to use SQL queries as part of the query string. No installation or patch is required. All clients use a common code library and have their own front end and databases and connections. So as soon as a change / upgrade / enhancement is made to the code, all users of the software begin to use the latest changes immediately." Since the issue appeared in a custom web site and no action is required on the part of customers, this issue should not be included in CVE.

Vulnerable Systems

Application

  • Lois Software Webdb 1.0

  • Lois Software Webdb 1.1


References

SECUNIA - 18226

XF - webdb-search-module-sql-injection(23840)

VUPEN - ADV-2005-3071

BID - 16038

OSVDB - 21910

MISC - http://pridels0.blogspot.com/2005/12/webdb-sql-inj-vuln.html#c114176251867558161

MISC - http://pridels0.blogspot.com/2005/12/webdb-sql-inj-vuln.html


Last Updated: 27 May 2016 10:41:20