CVE-2005-0454 Information

Description

Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat doc or uid parameters to index.php or (2) the mid or bid parameters to forums.php.

Reference

http://glide.stanford.edu/yichen/research/sec.pdf http://marc.info/?l=bugtraq&m=110858497207809&w=2 http://securityreason.com/securityalert/108 http://securitytracker.com/id?1013216 http://www.hackgen.org/advisories/hackgen-2005-003.txt http://www.securityfocus.com/archive/1/419280/100/0/threaded http://www.securityfocus.com/bid/12573 https://exchange.xforce.ibmcloud.com/vulnerabilities/19361