CVE-2005-0454

2005-02-1605:00:00

mitre

www.cve.org

8.3 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.

References

glide.stanford.edu/yichen/research/sec.pdf

marc.info/?l=bugtraq&m=110858497207809&w=2

securityreason.com/securityalert/108

securitytracker.com/id?1013216

www.hackgen.org/advisories/hackgen-2005-003.txt

www.securityfocus.com/archive/1/419280/100/0/threaded

www.securityfocus.com/bid/12573

exchange.xforce.ibmcloud.com/vulnerabilities/19361