CVE-2005-1224

Published: 02/05/2005 Updated: 19/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 780

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote malicious users to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.

Vulnerable Product	Search on Vulmon	Subscribe to Product
duware duportal sql 3.4
duware duportal pro 3.4
duware duportal 3.4

source: wwwsecurityfocuscom/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities ...

source: wwwsecurityfocuscom/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabili ...

source: wwwsecurityfocuscom/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabiliti ...

source: wwwsecurityfocuscom/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities i ...

source: wwwsecurityfocuscom/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in ...

source: wwwsecurityfocuscom/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabi ...

NVD-CWE-Other http://www.digitalparadox.org/advisories/duppro.txt http://www.securiteam.com/windowsntfocus/5TP0O0AFFQ.html http://secunia.com/advisories/15031 http://www.securityfocus.com/bid/13285 http://marc.info/?l=bugtraq&m=111401172901705&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/30671 https://exchange.xforce.ibmcloud.com/vulnerabilities/20197 http://www.securityfocus.com/archive/1/453316/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/25478/

CVE-2005-1224

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect