CVE-2005-4664

Properties

Published:
30.12.2005
Updated:
17.01.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
    Product:
    OcoMon: OcoMon

    Vulnerability description

    SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.

    References:

    http://sourceforge.net/project/showfiles.php?group_id=45554: http://sourceforge.net/project/showfiles.php?group_id=45554
    OSVDB: http://www.osvdb.org/20751
    SECUNIA: http://secunia.com/advisories/17470
    XF: http://xforce.iss.net/xforce/xfdb/23085