CVE - CVE-2005-4226

CVE-ID
CVE-2005-4226	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities URL:http://www.securityfocus.com/archive/1/419280/100/0/threaded BUGTRAQ:20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities URL:http://www.securityfocus.com/archive/1/419487/100/0/threaded MISC:http://glide.stanford.edu/yichen/research/sec.pdf OSVDB:21650 URL:~~http://www.osvdb.org/21650~~ (Obsolete source) OSVDB:21651 URL:~~http://www.osvdb.org/21651~~ (Obsolete source) OSVDB:21652 URL:~~http://www.osvdb.org/21652~~ (Obsolete source) OSVDB:21653 URL:~~http://www.osvdb.org/21653~~ (Obsolete source) OSVDB:21654 URL:~~http://www.osvdb.org/21654~~ (Obsolete source) OSVDB:21655 URL:~~http://www.osvdb.org/21655~~ (Obsolete source) OSVDB:21656 URL:~~http://www.osvdb.org/21656~~ (Obsolete source) SECUNIA:18011 URL:http://secunia.com/advisories/18011/ VUPEN:ADV-2005-2860 URL:~~http://www.vupen.com/english/advisories/2005/2860~~ (Obsolete source) XF:phpwebthings-download-ref-sql-injection(23565) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/23565
Assigning CNA
MITRE Corporation
Date Record Created
20051214	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)