CVE-2005-2675
Published: 2005-08-23
Priority: P336 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.17% (63.5th percentile)
Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| neocrome | land_down_under | — | — |
No detection rules found.
Exploit-DB
Land Down Under 700/701/800/801 - 'list.php' Multiple SQL Injections
exploitdb·2005-08-29
---
source: https://www.securityfocus.com/bid/14685/info
Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/ldu/list.php?c='&s=title&w=asc&o=1&p=1
http://www.example.com/ldu/list.php?c=%27&s=title&w=asc&o=1&p=1
Exploit-DB
Land Down Under 800/801 - 'list.php' Multiple SQL Injections
exploitdb·2005-08-20
---
source: https://www.securityfocus.com/bid/14618/info
Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation may allow the attacker to compromise the application, retrieve sensitive information, modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/ldu/list.php?c=articles&s=title&w=asc&o='&p=1
http://www.example.com/ldu/list.php?c=articles&s=title&w='&o=1&p=1
http://www.example.com/ldu/list.php?c=articles&s='&w=asc&o=1&p=1
Exploit-DB
Land Down Under 800/801 - 'links.php?w' SQL Injection
exploitdb·2005-08-20
---
source: https://www.securityfocus.com/bid/14618/info
Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation may allow the attacker to compromise the application, retrieve sensitive information, modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/ldu/links.php?c=links&s=title&w='
Exploit-DB
Land Down Under 800/801 - 'journal.php?m' SQL Injection
exploitdb·2005-08-20
---
source: https://www.securityfocus.com/bid/14618/info
Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation may allow the attacker to compromise the application, retrieve sensitive information, modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/ldu/journal.php?m='&s=username&w=asc
http://www.example.com/ldu/journal.php?m='&p=1
http://www.example.com/ldu/journal.php?m='
Exploit-DB
Land Down Under 800/801 - 'forums.php' Multiple SQL Injections
exploitdb·2005-08-20
---
source: https://www.securityfocus.com/bid/14618/info
Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation may allow the attacker to compromise the application, retrieve sensitive information, modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/ldu/forums.php?filter=forums%2Ephp%3Fc%3Dskin&x='
http://www.example.com/ldu/forums.php?m=topics&q=3&n='
http://www.example.com/ldu/forums.php?m='&q=3&n=last
http://www.example.com/ldu/forums.php?m=topics&s='
No writeups or analysis indexed.