{"type": "osvdb", "published": "2005-05-11T05:14:07", "href": "https://vulners.com/osvdb/OSVDB:16505", "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 17, "edition": 1, "reporter": "Zinho(zinho@hackerscenter.com)", "title": "MaxWebPortal pop_profile.asp Cookie Variables SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "1.3.5", "name": "MaxWebPortal"}], "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2017-04-28T13:20:12", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:12", "rev": 2}, "vulnersScore": 0.3}, "references": [], "id": "OSVDB:16505", "lastseen": "2017-04-28T13:20:12", "cvelist": [], "modified": "2005-05-11T05:14:07", "description": "## Vulnerability Description\nMaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the cookie submitted to the pop_profile.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the cookie submitted to the pop_profile.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.\n## References:\nVendor URL: http://www.maxwebportal.com/\n[Related OSVDB ID: 16501](https://vulners.com/osvdb/OSVDB:16501)\n[Related OSVDB ID: 16502](https://vulners.com/osvdb/OSVDB:16502)\n[Related OSVDB ID: 16504](https://vulners.com/osvdb/OSVDB:16504)\n[Related OSVDB ID: 16503](https://vulners.com/osvdb/OSVDB:16503)\n[Related OSVDB ID: 16506](https://vulners.com/osvdb/OSVDB:16506)\nOther Advisory URL: http://www.hackerscenter.com/archive/view.asp?id=2542\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0122.html\n", "immutableFields": []}

{}