CVE-2005-2468 Information

Description

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, the getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.

Reference

http://lists.mysql.com/eventum-users/2072
http://marc.info/?l=bugtraq&m=112292193807958&w=2
http://secunia.com/advisories/16304
http://securitytracker.com/id?1014603
http://www.gulftech.org/?node=research&article_id=00093-07312005
http://www.osvdb.org/18403
http://www.osvdb.org/18404
http://www.osvdb.org/18405
http://www.osvdb.org/18406
http://www.securityfocus.com/bid/14437
http://www.vupen.com/english/advisories/2005/1287
