Back to search
CVE-2005-1562
Published: May 14, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20050511 [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS
mailing-list
x_refsource_BUGTRAQ
http://www.hackerscenter.com/archive/view.asp?id=2542
x_refsource_MISC
16504
vdb-entry
x_refsource_OSVDB
maxwebportal-postasp-sql-injection(20562)
vdb-entry
x_refsource_XF
15329
third-party-advisory
x_refsource_SECUNIA
13601
vdb-entry
x_refsource_BID
16506
vdb-entry
x_refsource_OSVDB
16502
vdb-entry
x_refsource_OSVDB
16503
vdb-entry
x_refsource_OSVDB
16510
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now