Búsqueda de    
Vulnerabilidad   
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de CVE:CVE-2005-4226
Descripción:Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.
Prueba de IDs: Ninguno disponible
Referencias Cruzadas: Common Vulnerability Exposure (CVE) ID: CVE-2005-4226
Bugtraq: 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/419280/100/0/threaded
Bugtraq: 20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/419487/100/0/threaded
http://glide.stanford.edu/yichen/research/sec.pdf
http://www.osvdb.org/21650
http://www.osvdb.org/21651
http://www.osvdb.org/21652
http://www.osvdb.org/21653
http://www.osvdb.org/21654
http://www.osvdb.org/21655
http://www.osvdb.org/21656
http://secunia.com/advisories/18011/
http://www.vupen.com/english/advisories/2005/2860
XForce ISS Database: phpwebthings-download-ref-sql-injection(23565)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23565




© 1998-2021 E-Soft Inc. Todos los derechos reservados.