ID CVE-2005-4554
Summary Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.
References
Vulnerable Configurations
  • cpe:2.3:a:dev:dev_web_management_system:1.5:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16063
bugtraq 20051224 Dev web management system <= 1.5 SQL injection / cross site scripting
misc http://rgod.altervista.org/dev_15_sql_xpl.html
osvdb
  • 22040
  • 22041
  • 22042
sectrack 1015410
secunia 18239
xf dev-openforum-sql-injection(23898)
Last major update 19-10-2018 - 15:41
Published 28-12-2005 - 11:03
Last modified 19-10-2018 - 15:41