QwikSec

Security Database

CVE

CWE

Training

CVE-2005-3365

Published: Oct 29, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SREASON

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

dcpportal-multiple-php-sql-injection(22855)

vdb-entry

x_refsource_XF

http://glide.stanford.edu/yichen/research/sec.pdf

x_refsource_MISC

20051024 DCP - portal XSS & SQL attacks

mailing-list

x_refsource_BUGTRAQ

dcpportal-index-sql-injection(39447)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.