CVE-2005-2473 Information
Description
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php; (8) the DepositSlipID parameter to DepositSlipEditor.php; (9) the QueryID parameter to QueryView.php; the GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php; (16) the PropertyID parameter to PropertyEditor.php; the FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php; or (20) the PledgeID parameter to PledgeDetails.php.
Reference
http://marc.info/?l=bugtraq&m=112291550713546&w=2
http://secunia.com/advisories/16292
http://securitytracker.com/id?1014617
http://www.osvdb.org/18408
http://www.osvdb.org/18409
http://www.osvdb.org/18410
http://www.osvdb.org/18411
http://www.osvdb.org/18412
http://www.osvdb.org/18413
http://www.osvdb.org/18414
http://www.osvdb.org/18415
http://www.osvdb.org/18416
http://www.osvdb.org/18417
http://www.osvdb.org/18418
http://www.osvdb.org/18419
http://www.osvdb.org/18420
http://www.osvdb.org/18421
http://www.osvdb.org/18422
http://www.osvdb.org/18423
http://www.osvdb.org/18424
http://www.osvdb.org/18427
http://www.osvdb.org/18428
http://www.securityfocus.com/bid/14438
https://exchange.xforce.ibmcloud.com/vulnerabilities/21647