Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4527

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4527
Last Modified 20 Sep 2008 12:43:24
Published 27 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4527

Summary

Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.

Vulnerable Systems

Application

  • Direct News 4.9


References

BID - 15957

OSVDB - 21854

XF - directnews-multiple-sql-injection(23727)

OSVDB - 22340

MISC - http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.html


Last Updated: 27 May 2016 10:41:20