|
|
CVE Reference: CVE-2005-4195 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-4195 |
|
|
Description: Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/23547 http://xforce.iss.net/xforce/xfdb/42169 SAID Secunia Advisory: SA17979 OSVDB 21628 21627 21626 21625 MISC http://www.x-illusion.com/rs/Scout%20Portal%20Toolkit.txt MILW0RM http://www.milw0rm.com/exploits/5540 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/491611/100/0/threaded BID 15818 29034 |
|
| Return to the previous page. |
