CVE-2005-4486 Information

Description

** DISPUTED ** SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp.

Reference

http://pridels0.blogspot.com/2005/12/qp7enterprise-sql-vuln.html
http://www.osvdb.org/22069
http://www.osvdb.org/22070
http://www.securityfocus.com/bid/16022
