Back to search
CVE-2005-4380
Published: Dec 20, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
21919
vdb-entry
x_refsource_OSVDB
21921
vdb-entry
x_refsource_OSVDB
15962
vdb-entry
x_refsource_BID
http://www.bitweaver.org/forums/viewtopic.php?t=1299
x_refsource_CONFIRM
bitweaver-multiple-sql-injection(23814)
vdb-entry
x_refsource_XF
ADV-2005-2975
vdb-entry
x_refsource_VUPEN
21920
vdb-entry
x_refsource_OSVDB
21922
vdb-entry
x_refsource_OSVDB
21923
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now