CVE-2005-1562 Information
Description
Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp (2) txtAddress (3) message or (4) subject parameter to post_info.asp (5) andor parameter to search.asp (6) verkey parameter to pop_profile.asp or (7) Remove or (8) Delete parameter to pm_delete2.asp.
Reference
http://marc.info/?l=bugtraq&m=111584883727605&w=2 http://secunia.com/advisories/15329 http://www.hackerscenter.com/archive/view.asp?id=2542 http://www.osvdb.org/16502 http://www.osvdb.org/16503 http://www.osvdb.org/16504 http://www.osvdb.org/16506 http://www.osvdb.org/16510 http://www.securityfocus.com/bid/13601 https://exchange.xforce.ibmcloud.com/vulnerabilities/20562
Share on: