CVE-2005-0454

Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.hackgen.org/advisories/hackgen-2005-003.txt	Exploit Vendor Advisory
http://securitytracker.com/id?1013216	Exploit Vendor Advisory
http://glide.stanford.edu/yichen/research/sec.pdf
http://www.securityfocus.com/bid/12573
http://securityreason.com/securityalert/108
http://marc.info/?l=bugtraq&m=110858497207809&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19361
http://www.securityfocus.com/archive/1/419280/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:codeworx_technologies:dcp-portal:*:*:*:*:*:*:*:*

Information

Published : 2005-05-01 21:00

Updated : 2018-10-19 08:31

NVD link : CVE-2005-0454

Mitre link : CVE-2005-0454

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

codeworx_technologies

dcp-portal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.hackgen.org/advisories/hackgen-2005-003.txt", "name": "http://www.hackgen.org/advisories/hackgen-2005-003.txt", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1013216", "name": "1013216", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECTRACK"}, {"url": "http://glide.stanford.edu/yichen/research/sec.pdf", "name": "http://glide.stanford.edu/yichen/research/sec.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/12573", "name": "12573", "tags": [], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/108", "name": "108", "tags": [], "refsource": "SREASON"}, {"url": "http://marc.info/?l=bugtraq&m=110858497207809&w=2", "name": "20050216 [hackgen-2005-#003] - SQL injection bugs in DCP-Portal", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19361", "name": "dcpportal-multiple-sql-injection(19361)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded", "name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0454", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-05-02T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:codeworx_technologies:dcp-portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.1.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:31Z"}