CVE-2005-3676

Properties

Published:
17.11.2005
Updated:
23.11.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
PhpWebThings: PhpWebThings

Vulnerability description

SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=113198898514200&w=2
BID: http://www.securityfocus.com/bid/15399/
XF: http://xforce.iss.net/xforce/xfdb/23047
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=113198898514200&w=2
FRSIRT: http://www.frsirt.com/english/advisories/2005/2860
OSVDB: http://www.osvdb.org/20945