CVE-2005-4382

2005-12-2002:00:00

mitre

www.cve.org

8.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.

References

pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html

secunia.com/advisories/18145/

www.osvdb.org/21855

www.osvdb.org/21969

www.vupen.com/english/advisories/2005/2979

exchange.xforce.ibmcloud.com/vulnerabilities/23818