CVE-2005-4195 Information
Description
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) the ResourceId parameter in SPT--FullRecord.php, (3) the ResourceOffset parameter in SPT--Home.php, and (4) the F_UserName and (5) F_Password parameters in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.
Reference
http://secunia.com/advisories/17979
http://www.osvdb.org/21625
http://www.osvdb.org/21626
http://www.osvdb.org/21627
http://www.osvdb.org/21628
http://www.securityfocus.com/archive/1/491611/100/0/threaded
http://www.securityfocus.com/bid/15818
http://www.securityfocus.com/bid/29034
http://www.vupen.com/english/advisories/2005/2844
http://www.x-illusion.com/rs/Scout20Portal20Toolkit.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/23547
https://exchange.xforce.ibmcloud.com/vulnerabilities/42169
https://www.exploit-db.com/exploits/5540