CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
79.0%
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT–BrowseResources.php, (2) ResourceId parameter in SPT–FullRecord.php, (3) ResourceOffset parameter in SPT–Home.php, and (4) F_UserName and (5) F_Password in SPT–UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.
Vendor | Product | Version | CPE |
---|---|---|---|
internet_scout | scout_portal_toolkit | * | cpe:2.3:a:internet_scout:scout_portal_toolkit:*:*:*:*:*:*:*:* |
internet_scout | scout_portal_toolkit | 1.3.0_beta | cpe:2.3:a:internet_scout:scout_portal_toolkit:1.3.0_beta:*:*:*:*:*:*:* |
internet_scout_project | scout_portal_toolkit | 1.4.0 | cpe:2.3:a:internet_scout_project:scout_portal_toolkit:1.4.0:*:*:*:*:*:*:* |
secunia.com/advisories/17979
www.osvdb.org/21625
www.osvdb.org/21626
www.osvdb.org/21627
www.osvdb.org/21628
www.securityfocus.com/archive/1/491611/100/0/threaded
www.securityfocus.com/bid/15818
www.securityfocus.com/bid/29034
www.vupen.com/english/advisories/2005/2844
www.x-illusion.com/rs/Scout%20Portal%20Toolkit.txt
exchange.xforce.ibmcloud.com/vulnerabilities/23547
exchange.xforce.ibmcloud.com/vulnerabilities/42169
www.exploit-db.com/exploits/5540