cpe:/a:citysoft:community_enterprise CVE-2005-4382 2005-12-19T21:03:00.000-05:00 2017-07-19T21:29:14.207-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-12-21T10:50:00.000-05:00 ALLOWS_OTHER_ACCESS SECUNIA 18145 OSVDB 21855 OSVDB 21969 VUPEN ADV-2005-2979 XF communityenterprise-multiple-sql-injection(23818) MISC http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.