Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

CVE Kennung:CVE-2005-4226
Beschreibung:Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.
Test Kennungen: Nicht verfügbar
Querverweise: Common Vulnerability Exposure (CVE) ID: CVE-2005-4226
Bugtraq: 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/419280/100/0/threaded
Bugtraq: 20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/419487/100/0/threaded
http://glide.stanford.edu/yichen/research/sec.pdf
http://www.osvdb.org/21650
http://www.osvdb.org/21651
http://www.osvdb.org/21652
http://www.osvdb.org/21653
http://www.osvdb.org/21654
http://www.osvdb.org/21655
http://www.osvdb.org/21656
http://secunia.com/advisories/18011/
http://www.vupen.com/english/advisories/2005/2860
XForce ISS Database: phpwebthings-download-ref-sql-injection(23565)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23565




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.