CVE-2005-2788
Published 2005-09-02
Priority: P339 | Severity: high | CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.41% (82.0th percentile)
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| neocrome | land_down_under | — | — |
No detection rules found.
Exploit-DB
Land Down Under 700/701/800/801 - 'index.php?c' SQL Injection
exploitdb·2005-08-29
---
source: https://www.securityfocus.com/bid/14685/info
Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/ldu/index.php?c='
http://www.example.com/ldu/index.php?c=%27
Exploit-DB
Land Down Under 700/701/800/801 - 'events.php?c' SQL Injection
exploitdb·2005-08-29
---
source: https://www.securityfocus.com/bid/14685/info
Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/ldu/events.php?c='
http://www.example.com/ldu/events.php?f=incoming&c='
http://www.example.com/ldu/events.php?c=%27
http://www.example.com/ldu/events.php?f=incoming&c=%27
No writeups or analysis indexed.
Published: 2005-09-02