CVE-2005-1017

2005-04-0804:00:00

mitre

www.cve.org

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

65.9%

JSON

SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.

References

secunia.com/advisories/14752

securitytracker.com/id?1013617

www.hackerscenter.com/archive/view.asp?id=1807

www.securityfocus.com/bid/12968

exchange.xforce.ibmcloud.com/vulnerabilities/19928