CVE-2005-4554 Information

Description

Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php (2) cat parameter in getfile.php and (3) target parameter in download_now.php.

Reference

http://rgod.altervista.org/dev_15_sql_xpl.html http://secunia.com/advisories/18239 http://securitytracker.com/id?1015410 http://www.osvdb.org/22040 http://www.osvdb.org/22041 http://www.osvdb.org/22042 http://www.securityfocus.com/archive/1/420253/100/0/threaded http://www.securityfocus.com/bid/16063 https://exchange.xforce.ibmcloud.com/vulnerabilities/23898