CVE-2005-3876 - Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro

CVE-2005-3876

Summary

Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang parameters.

References

http://pridels0.blogspot.com/2005/11/adc2000-ng-pro-sql-inj-vuln.html
http://secunia.com/advisories/17744
http://www.osvdb.org/21131
http://www.securityfocus.com/bid/15595
http://www.vupen.com/english/advisories/2005/2613

Vulnerable Configurations

cpe:2.3:a:td-systems:adc2000_ng_pro:1.2:*:*:*:*:*:*:*
cpe:2.3:a:td-systems:adc2000_ng_pro:1.2:*:*:*:*:*:*:*
cpe:2.3:a:td-systems:adc2000_ng_pro_lite:*:*:*:*:*:*:*:*
cpe:2.3:a:td-systems:adc2000_ng_pro_lite:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-03-2011 - 02:27)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15595
misc	http://pridels0.blogspot.com/2005/11/adc2000-ng-pro-sql-inj-vuln.html
osvdb	21131
secunia	17744
vupen	ADV-2005-2613

Last major update

08-03-2011 - 02:27

Published

29-11-2005 - 11:03

Last modified

08-03-2011 - 02:27