CVE-2005-1804

Properties

Published:
28.05.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
Net Portal Dynamic System: Net Portal Dynamic System

Vulnerability description

Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php.

References:

CONFIRM: http://www.npds.org/download.php?op=geninfo&did=115
SECTRACK: http://securitytracker.com/id?1014073
CONFIRM: http://www.npds.org/download.php?op=geninfo&did=115