CVE-2005-4554

2005-12-2811:00:00

mitre

www.cve.org

8.5 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.

References

rgod.altervista.org/dev_15_sql_xpl.html

secunia.com/advisories/18239

securitytracker.com/id?1015410

www.osvdb.org/22040

www.osvdb.org/22041

www.osvdb.org/22042

www.securityfocus.com/archive/1/420253/100/0/threaded

www.securityfocus.com/bid/16063

exchange.xforce.ibmcloud.com/vulnerabilities/23898