CVE-2005-4223 Information
Description
Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.
Reference
http://glide.stanford.edu/yichen/research/sec.pdf
http://secunia.com/advisories/17988/
http://www.osvdb.org/21645
http://www.osvdb.org/21646
http://www.osvdb.org/21647
http://www.osvdb.org/21648
http://www.osvdb.org/21649
http://www.securityfocus.com/archive/1/419280/100/0/threaded
http://www.securityfocus.com/archive/1/419487/100/0/threaded
http://www.vupen.com/english/advisories/2005/2859
https://exchange.xforce.ibmcloud.com/vulnerabilities/23564