CVE - CVE-2005-4227

CVE-ID
CVE-2005-4227	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:15183 URL:http://www.securityfocus.com/bid/15183 BUGTRAQ:20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities URL:http://www.securityfocus.com/archive/1/419280/100/0/threaded BUGTRAQ:20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities URL:http://www.securityfocus.com/archive/1/419487/100/0/threaded MISC:http://glide.stanford.edu/yichen/research/sec.pdf OSVDB:22017 URL:~~http://www.osvdb.org/22017~~ (Obsolete source) OSVDB:22018 URL:~~http://www.osvdb.org/22018~~ (Obsolete source) OSVDB:22019 URL:~~http://www.osvdb.org/22019~~ (Obsolete source) OSVDB:22020 URL:~~http://www.osvdb.org/22020~~ (Obsolete source) OSVDB:22021 URL:~~http://www.osvdb.org/22021~~ (Obsolete source) OSVDB:22022 URL:~~http://www.osvdb.org/22022~~ (Obsolete source) OSVDB:22023 URL:~~http://www.osvdb.org/22023~~ (Obsolete source) OSVDB:22024 URL:~~http://www.osvdb.org/22024~~ (Obsolete source) OSVDB:22025 URL:~~http://www.osvdb.org/22025~~ (Obsolete source) OSVDB:22026 URL:~~http://www.osvdb.org/22026~~ (Obsolete source) OSVDB:22027 URL:~~http://www.osvdb.org/22027~~ (Obsolete source) OSVDB:22028 URL:~~http://www.osvdb.org/22028~~ (Obsolete source) OSVDB:22029 URL:~~http://www.osvdb.org/22029~~ (Obsolete source) OSVDB:22030 URL:~~http://www.osvdb.org/22030~~ (Obsolete source) OSVDB:22031 URL:~~http://www.osvdb.org/22031~~ (Obsolete source) SECUNIA:12751 URL:http://secunia.com/advisories/12751 VUPEN:ADV-2005-2863 URL:~~http://www.vupen.com/english/advisories/2005/2863~~ (Obsolete source) XF:dcpportal-multiple-php-sql-injection(22855) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/22855
Assigning CNA
MITRE Corporation
Date Record Created
20051214	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)