DUportal Non-specific Database Query Tampering

2003-12-18T06:24:20
ID OSVDB:3774
Type osvdb
Reporter OSVDB
Modified 2003-12-18T06:24:20

Description

Vulnerability Description

DUportal contains a flaw that allows a remote attacker to manipulate database queries. The issue is due to unspecified vulnerabilities in several scripts.

Technical Description

DUportal scripts affected: search.asp password.asp channel.asp register.asp type.asp detail.asp post.asp submit.asp

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

DUportal contains a flaw that allows a remote attacker to manipulate database queries. The issue is due to unspecified vulnerabilities in several scripts.

References:

Vendor URL: http://www.duware.com/products/category.asp?iCat=8&nCat=Portal%20&%20Site Secunia Advisory ID:10456 Related OSVDB ID: 3071 Related OSVDB ID: 3772 Related OSVDB ID: 3775 Related OSVDB ID: 3773 Related OSVDB ID: 3776 Related OSVDB ID: 3269 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-12/0239.html ISS X-Force ID: 14016 Generic Exploit URL: http://www.gulftech.org/vuln/DUd3.html Bugtraq ID: 9246