CVE-2005-4195

2005-12-1311:00:00

mitre

www.cve.org

AI Score

8.5

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT–BrowseResources.php, (2) ResourceId parameter in SPT–FullRecord.php, (3) ResourceOffset parameter in SPT–Home.php, and (4) F_UserName and (5) F_Password in SPT–UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.

References

secunia.com/advisories/17979

www.osvdb.org/21625

www.osvdb.org/21626

www.osvdb.org/21627

www.osvdb.org/21628

www.securityfocus.com/archive/1/491611/100/0/threaded

www.securityfocus.com/bid/15818

www.securityfocus.com/bid/29034

www.vupen.com/english/advisories/2005/2844

www.x-illusion.com/rs/Scout%20Portal%20Toolkit.txt

exchange.xforce.ibmcloud.com/vulnerabilities/23547

exchange.xforce.ibmcloud.com/vulnerabilities/42169

www.exploit-db.com/exploits/5540