CVE-2005-3365
Published 2005-10-30
CVE-2005-3365: Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded…
Priority: P4 · 32 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.17% (86.4th percentile)
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codeworx_technologies | dcp-portal | — | — |
GHSA
GHSA-x7w2-7973-vvmw: SQL injection vulnerability in login
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-4836 [HIGH] GHSA-x7w2-7973-vvmw: SQL injection vulnerability in login
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
GHSA
GHSA-97m8-rj8m-hvm2: Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-4227 [HIGH] GHSA-97m8-rj8m-hvm2: Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp
GHSA
GHSA-w22h-xhrm-8cw5: Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encode
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-3365 [HIGH] CWE-89 GHSA-w22h-xhrm-8cw5: Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encode
References
http://glide.stanford.edu/yichen/research/sec.pdf
http://marc.info/?l=bugtraq&m=113017151829342&w=2
http://secunia.com/advisories/12751/
http://securityreason.com/securityalert/108
http://www.osvdb.org/20493
http://www.osvdb.org/20494
http://www.securityfocus.com/archive/1/419280/100/0/threaded
http://www.securityfocus.com/bid/15183
http://www.securityfocus.com/bid/27167
https://exchange.xforce.ibmcloud.com/vulnerabilities/22855
https://exchange.xforce.ibmcloud.com/vulnerabilities/39447
https://www.exploit-db.com/exploits/4853
Published 2005-10-30