ID CVE-2005-4223
Summary Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.
References
Vulnerable Configurations
  • cpe:2.3:a:utopia_software:utopia_news_pro:1.1.4:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq
  • 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities
  • 20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities
misc http://glide.stanford.edu/yichen/research/sec.pdf
osvdb
  • 21645
  • 21646
  • 21647
  • 21648
  • 21649
secunia 17988
vupen ADV-2005-2859
xf utopianewspro-editnews-sql-injection(23564)
Last major update 19-10-2018 - 15:40
Published 14-12-2005 - 11:03
Last modified 19-10-2018 - 15:40