CVE-2005-3236
Published: Oct 14, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid, or (2) the nick parameter of lostpwd.php.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| 1015020 | vdb-entry | x_refsource_SECTRACK |
| 19944 | vdb-entry | x_refsource_OSVDB |
| cyphor-lostpwd-newmsg-sql-injection(22552) | vdb-entry | x_refsource_XF |
| 70 | third-party-advisory | x_refsource_SREASON |
| 19945 | vdb-entry | x_refsource_OSVDB |
| 17104 | third-party-advisory | x_refsource_SECUNIA |
| 19943 | vdb-entry | x_refsource_OSVDB |
| 15047 | vdb-entry | x_refsource_BID |
| 20051008 Cyphor 0.19 SQL Injection / Board takeover / cross site scripting | mailing-list | x_refsource_BUGTRAQ |