CVE-2005-1236
Published: 2005-05-02
Priority: P3 · 40 · high · CVSS 2.0: 7.5
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.41% (82.0th percentile)
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| duware | duportal | — | — |
| duware | duportal | — | — |
| duware | duportal | — | — |
| duware | duportal | — | — |
| duware | duportal | — | — |
GHSA
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-1224 [HIGH] GHSA-4cc2-ww2m-x787: Multiple SQL injection vulnerabilities in DUware DUportal Pro 3
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.
GHSA
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-1236 [HIGH] GHSA-78fv-f7vr-m89j: Multiple SQL injection vulnerabilities in DUware DUportal 3
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
Exploit-DB
DUportal 3.1.2 - 'type.asp?iCat' SQL Injection
exploitdb·2005-04-20
---
source: https://www.securityfocus.com/bid/13288/info
DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
These vulnerabilities are reported to affect DUportal/DUportal SQL 3.1.2; earlier versions may also be affected.
http://www.example.com/test_DUportal/home/type.asp?iCat='SQL_INJECTION&iChannel=8&nChannel=Products
Exploit-DB
DUportal 3.1.2 - 'inc_rating.asp' Multiple SQL Injections
exploitdb·2005-04-20
---
source: https://www.securityfocus.com/bid/13288/info
http://www.example.com/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData='SQL_INJECTION&nChannel=Products&iRate=5
http://www.example.com/test_DUportal
Exploit-DB
DUportal 3.1.2 - 'channel.asp?iChannel' SQL Injection
exploitdb·2005-04-20
---
source: https://www.securityfocus.com/bid/13288/info
http://www.example.com/test_DUportal/home/../home/channel.asp?iChannel='SQL_INJECTION&nChannel=Articles
Exploit-DB
DUportal 3.1.2 - 'inc_poll_voting.asp?DAT_PARENT' SQL Injection
exploitdb·2005-04-20
---
source: https://www.securityfocus.com/bid/13288/info
http://www.example.com/test_DUportal/includes/inc_poll_voting.asp?DAT_PARENT='SQL_INJECTION&DAT_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&DAT_ID=112