CVE-2005-1224 Information

Description

Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the nChannel parameter to default.asp, cat.asp, or detail.asp; (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp; (3) the iCat parameter to cat.asp or detail.asp; (4) the iData parameter to detail.asp or result.asp; the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp; or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp. This is a different set of vulnerabilities than CVE-2005-1236.

Reference

http://marc.info/?l=bugtraq&m=111401172901705&w=2
http://secunia.com/advisories/15031
http://www.digitalparadox.org/advisories/duppro.txt
http://www.securiteam.com/windowsntfocus/5TP0O0AFFQ.html
http://www.securityfocus.com/archive/1/453316/100/0/threaded
http://www.securityfocus.com/bid/13285
https://exchange.xforce.ibmcloud.com/vulnerabilities/20197
https://exchange.xforce.ibmcloud.com/vulnerabilities/30671
