CVE-2005-4226
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/12/2005
Last modified:
19/10/2018
Description
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:phpwebthings:phpwebthings:*:*:*:*:*:*:*:* | 1.4 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://glide.stanford.edu/yichen/research/sec.pdf
- http://secunia.com/advisories/18011/
- http://www.osvdb.org/21650
- http://www.osvdb.org/21651
- http://www.osvdb.org/21652
- http://www.osvdb.org/21653
- http://www.osvdb.org/21654
- http://www.osvdb.org/21655
- http://www.osvdb.org/21656
- http://www.securityfocus.com/archive/1/419280/100/0/threaded
- http://www.securityfocus.com/archive/1/419487/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2860
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23565