Описание
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-3817
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23208
- http://pridels0.blogspot.com/2005/11/web-host-directory-script-multiple.html
- http://secunia.com/advisories/17724
- http://www.osvdb.org/21079
- http://www.osvdb.org/21080
- http://www.osvdb.org/21081
- http://www.osvdb.org/21082
- http://www.osvdb.org/21083
- http://www.securityfocus.com/bid/15561
- http://www.vupen.com/english/advisories/2005/2557
Связанные уязвимости
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.