CVE-2005-3365
Severity CVSS v4.0: Pending analysis
Type: CWE-89 SQL Injection
Publication date: 30/10/2005
Last modified: 21/11/2024
Description
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and (4) the cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
Impact
Base Score 2.0: 7.50
Severity 2.0: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:codeworx_technologies:dcp-portal:6.0:*:*:*:*:*:*:* | ||
References to Advisories, Solutions, and Tools
- http://glide.stanford.edu/yichen/research/sec.pdf
- http://marc.info/?l=bugtraq&m=113017151829342&w=2
- http://secunia.com/advisories/12751/
- http://securityreason.com/securityalert/108
- http://www.osvdb.org/20493
- http://www.osvdb.org/20494
- http://www.securityfocus.com/archive/1/419280/100/0/threaded
- http://www.securityfocus.com/bid/15183
- http://www.securityfocus.com/bid/27167
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22855
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39447
- https://www.exploit-db.com/exploits/4853