CVE-2005-4821
published 2005-12-31
Priority P340 | high | 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.17% (80.0th percentile)
Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2) the f parameter in events.php, or (3) the e parameter in plug.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| neocrome | land_down_under | — | — |
| neocrome | land_down_under | — | — |
No detection rules found.
Exploit-DB
Land Down Under 800/801 - 'auth.php?m' SQL Injection
exploitdb·2005-09-13
---
source: https://www.securityfocus.com/bid/14820/info
Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/auth.php?m=all'%20;%20AND%20THIS=VULN
http://www.example.com/auth.php?m='%20;%20AND%20THIS=VULN
Exploit-DB
Land Down Under 800/801 - 'plug.php?e' SQL Injection
exploitdb·2005-09-13
---
source: https://www.securityfocus.com/bid/14820/info
Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/plug.php?e=topitems';AND%20THIS=LAME
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0381.html
http://www.g-0.org/code/ldu-adv.html
http://www.osvdb.org/19504
http://www.osvdb.org/19505
http://www.securityfocus.com/bid/14820