CVE-2005-4382 Information

Description

SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID (2) pageID (3) ID and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.

Reference

http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html http://secunia.com/advisories/18145/ http://www.osvdb.org/21855 http://www.osvdb.org/21969 http://www.vupen.com/english/advisories/2005/2979 https://exchange.xforce.ibmcloud.com/vulnerabilities/23818