source: http://www.securityfocus.com/bid/15578/info

Enterprise Connector is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

/send.php?messageid=[SQL]
{"id": "EDB-ID:26602", "hash": "f260dbe21def26c549c9cf979b931142", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Enterprise Heart Enterprise Connector 1.0.2 send.php messageid Parameter SQL Injection", "description": "Enterprise Heart Enterprise Connector 1.0.2 send.php messageid Parameter SQL Injection. CVE-2005-3875. Webapps exploit for php platform", "published": "2005-11-28T00:00:00", "modified": "2005-11-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26602/", "reporter": "r0t", "references": [], "cvelist": ["CVE-2005-3875"], "lastseen": "2016-02-03T03:56:55", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-03T03:56:55"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3875"]}, {"type": "osvdb", "idList": ["OSVDB:21141", "OSVDB:21142"]}, {"type": "exploitdb", "idList": ["EDB-ID:26603"]}], "modified": "2016-02-03T03:56:55"}, "vulnersScore": 7.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/26602/", "sourceData": "source: http://www.securityfocus.com/bid/15578/info\r\n\r\nEnterprise Connector is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.\r\n\r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.\r\n\r\n/send.php?messageid=[SQL]", "osvdbidlist": ["21141"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:15", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.", "modified": "2011-03-08T02:27:00", "id": "CVE-2005-3875", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3875", "published": "2005-11-29T11:03:00", "title": "CVE-2005-3875", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "description": "## Vulnerability Description\nEnterprise Connector contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the send.php script not properly sanitizing user-supplied input to the 'messageid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nEnterprise Connector contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the send.php script not properly sanitizing user-supplied input to the 'messageid' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\n/send.php?messageid=[SQL]\n## References:\nVendor URL: http://www.enterpriseheart.com/site/modules/news/\n[Secunia Advisory ID:17743](https://secuniaresearch.flexerasoftware.com/advisories/17743/)\n[Related OSVDB ID: 21142](https://vulners.com/osvdb/OSVDB:21142)\nOther Advisory URL: http://pridels.blogspot.com/2005/11/enterprise-connector-sql-inj-vuln.html\n[CVE-2005-3875](https://vulners.com/cve/CVE-2005-3875)\n", "modified": "2005-11-28T10:33:31", "published": "2005-11-28T10:33:31", "href": "https://vulners.com/osvdb/OSVDB:21141", "id": "OSVDB:21141", "title": "Enterprise Connector send.php messageid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "description": "## Vulnerability Description\nEnterprise Connector contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the messages.php script not properly sanitizing user-supplied input to the 'messageid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nEnterprise Connector contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the messages.php script not properly sanitizing user-supplied input to the 'messageid' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\n/messages.php?action=delete&messageid=[SQL]\n## References:\nVendor URL: http://www.enterpriseheart.com/site/modules/news/\n[Secunia Advisory ID:17743](https://secuniaresearch.flexerasoftware.com/advisories/17743/)\n[Related OSVDB ID: 21141](https://vulners.com/osvdb/OSVDB:21141)\nOther Advisory URL: http://pridels.blogspot.com/2005/11/enterprise-connector-sql-inj-vuln.html\n[CVE-2005-3875](https://vulners.com/cve/CVE-2005-3875)\n", "modified": "2005-11-28T10:33:31", "published": "2005-11-28T10:33:31", "href": "https://vulners.com/osvdb/OSVDB:21142", "id": "OSVDB:21142", "title": "Enterprise Connector messages.php messageid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T03:57:03", "bulletinFamily": "exploit", "description": "Enterprise Heart Enterprise Connector 1.0.2 messages.php messageid Parameter SQL Injection. CVE-2005-3875. Webapps exploit for php platform", "modified": "2005-11-28T00:00:00", "published": "2005-11-28T00:00:00", "id": "EDB-ID:26603", "href": "https://www.exploit-db.com/exploits/26603/", "type": "exploitdb", "title": "Enterprise Heart Enterprise Connector 1.0.2 messages.php messageid Parameter SQL Injection", "sourceData": "source: http://www.securityfocus.com/bid/15578/info\r\n \r\nEnterprise Connector is prone to SQL injection vulnerabilities. 
These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.\r\n \r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.\r\n\r\n/messages.php?action=delete&messageid=[SQL] ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26603/"}]}