CVE-2005-3817 Information
Description
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php (2) sbres_id parameter in review.php (3) cid parameter in browsecats.php (4) h_id parameter in email.php and (5) an unspecified parameter to the search module.
Reference
http://pridels0.blogspot.com/2005/11/web-host-directory-script-multiple.html http://secunia.com/advisories/17724 http://www.osvdb.org/21079 http://www.osvdb.org/21080 http://www.osvdb.org/21081 http://www.osvdb.org/21082 http://www.osvdb.org/21083 http://www.securityfocus.com/bid/15561 http://www.vupen.com/english/advisories/2005/2557 https://exchange.xforce.ibmcloud.com/vulnerabilities/23208
Share on: