ID CVE-2005-1562
Summary Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:maxwebportal:maxwebportal:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:maxwebportal:maxwebportal:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:maxwebportal:maxwebportal:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:maxwebportal:maxwebportal:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:maxwebportal:maxwebportal:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:maxwebportal:maxwebportal:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:maxwebportal:maxwebportal:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:maxwebportal:maxwebportal:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:maxwebportal:maxwebportal:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:maxwebportal:maxwebportal:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*
    cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:maxwebportal:maxwebportal:1.31:*:*:*:*:*:*:*
    cpe:2.3:a:maxwebportal:maxwebportal:1.31:*:*:*:*:*:*:*
  • cpe:2.3:a:maxwebportal:maxwebportal:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:maxwebportal:maxwebportal:2.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 13601
bugtraq 20050511 [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS
misc http://www.hackerscenter.com/archive/view.asp?id=2542
osvdb
  • 16502
  • 16503
  • 16504
  • 16506
  • 16510
secunia 15329
xf maxwebportal-postasp-sql-injection(20562)
Last major update 11-07-2017 - 01:32
Published 11-05-2005 - 04:00
Last modified 11-07-2017 - 01:32
Back to Top