Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4606

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4606
Last Modified 07 Mar 2011 09:28:38
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4606

Summary

SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.

Vulnerable Systems

Application

  • Webwiz Database Login 1.71

  • Webwiz Journal 1.0

  • Webwiz Site News 2.00

  • Webwiz Site News 3.06

  • Webwiz Weekly Poll 3.06


References

SECUNIA - 18263

VUPEN - ADV-2006-0007

BID - 16085

BUGTRAQ - 20051230 [KAPDA::#18] - WebWiz Products SQL Injection

OSVDB - 22148

SREASON - 305


Last Updated: 27 May 2016 10:41:22