CVE-2005-2473 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-2473
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2473

Description: Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/21647 ST 1014617 SAID Secunia Advisory: SA16292 OSVDB 18428 18427 18424 18423 18422 18421 18420 18419 18418 18417 18416 18415 18414 18413 18412 18411 18410 18409 18408 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=112291550713546&w=2 BID 14438

Return to the previous page.