|
|
CVE Reference: CVE-2005-1224 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-1224 |
|
|
Description: Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/20197 http://xforce.iss.net/xforce/xfdb/30671 SAID Secunia Advisory: SA15031 MISC http://www.digitalparadox.org/advisories/duppro.txt http://www.securiteam.com/windowsntfocus/5TP0O0AFFQ.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/453316/100/0/threaded http://marc.theaimsgroup.com/?l=bugtraq&m=111401172901705&w=2 BID 13285 |
|
| Return to the previous page. |
