Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.
References
Link | Resource |
---|---|
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html | Exploit Vendor Advisory |
http://marc.info/?l=bugtraq&m=110599710017066&w=2 | |
http://secunia.com/advisories/13873 | Vendor Advisory |
http://securitytracker.com/id?1012910 | |
http://www.securityfocus.com/archive/1/392485 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/12289 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18925 |
Configurations
History
No history.
Information
Published : 2005-01-17 05:00
Updated : 2024-02-04 16:52
NVD link : CVE-2005-0292
Mitre link : CVE-2005-0292
CVE.ORG link : CVE-2005-0292
JSON object : View
Products Affected
php_gift_registry
- phpgiftreg
CWE