CVE-2005-3875
Published 2005-11-29
Priority P3 · 40 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.24% (65.5th percentile)
Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enterprise_heart | enterprise_connector | <= 1.0.2 | — |
| enterprise_heart | enterprise_connector | — | — |
GHSA
GHSA-v8rp-cx63-ff49: Multiple SQL injection vulnerabilities in Enterprise Connector 1
ghsa_unreviewed·2022-05-01
CVE-2005-3875 [HIGH] GHSA-v8rp-cx63-ff49: Multiple SQL injection vulnerabilities in Enterprise Connector 1
Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.
GHSA
GHSA-96fj-j48j-g393: SQL injection vulnerability in main
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-4563 [HIGH] GHSA-96fj-j48j-g393: SQL injection vulnerability in main
SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875.
No detection rules found.
Exploit-DB
Enterprise Heart Enterprise Connector 1.0.2 - 'send.php?messageid' SQL Injection
exploitdb·2005-11-28
CVE-2005-3875 Enterprise Heart Enterprise Connector 1.0.2 - 'send.php?messageid' SQL Injection
---
source: https://www.securityfocus.com/bid/15578/info
Enterprise Connector is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
/send.php?messageid=[SQL]
Exploit-DB
Enterprise Heart Enterprise Connector 1.0.2 - 'messages.php?messageid' SQL Injection
exploitdb·2005-11-28
CVE-2005-3875 Enterprise Heart Enterprise Connector 1.0.2 - 'messages.php?messageid' SQL Injection
---
source: https://www.securityfocus.com/bid/15578/info
Enterprise Connector is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
/messages.php?action=delete&messageid=[SQL]
No writeups or analysis indexed.
http://pridels0.blogspot.com/2005/11/enterprise-connector-sql-inj-vuln.html
http://secunia.com/advisories/17743
http://www.osvdb.org/21141
http://www.osvdb.org/21142
http://www.securityfocus.com/bid/15578
http://www.vupen.com/english/advisories/2005/2602