CVE

CVE-2005-3365
Date: (C)2005-10-30   (M)2023-12-22


Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and (4) the cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SREASON-108
SECUNIA-12751
BID-15183
http://marc.info/?l=bugtraq&m=113017151829342&w=2
http://www.securityfocus.com/archive/1/419280/100/0/threaded
OSVDB-20493
OSVDB-20494
BID-27167
EXPLOIT-DB-4853
dcpportal-index-sql-injection(39447)
dcpportal-multiple-php-sql-injection(22855)
http://glide.stanford.edu/yichen/research/sec.pdf

CWE:
CWE-89

© SecPod Technologies