CVE ID: CVE-2005-4380
Published: 2005-12-19T21:03:00.000-05:00
Last modified: 2017-07-19T21:29:14.160-04:00

Vulnerable software:
cpe:/a:bitweaver:bitweaver:1.1
cpe:/a:bitweaver:bitweaver:1.1.1_beta

CVSS base score: 7.5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Source: http://nvd.nist.gov
Generated on: 2005-12-21T10:42:00.000-05:00
Security protection: ALLOWS_OTHER_ACCESS

References:
BID 15962
OSVDB 21919
OSVDB 21920
OSVDB 21921
OSVDB 21922
OSVDB 21923
VUPEN ADV-2005-2975
XF bitweaver-multiple-sql-injection(23814)
MISC http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html
CONFIRM http://www.bitweaver.org/forums/viewtopic.php?t=1299

Summary:
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.