CVE-2005-4606

SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:webwiz:database_login:*:*:*:*:*:*:*:*
cpe:2.3:a:webwiz:journal:*:*:*:*:*:*:*:*
cpe:2.3:a:webwiz:site_news:*:*:*:*:*:*:*:*
cpe:2.3:a:webwiz:site_news:2.00:*:*:*:*:*:*:*
cpe:2.3:a:webwiz:weekly_poll:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:04

Type Values Removed Values Added
References () http://secunia.com/advisories/18263 - Patch, Vendor Advisory () http://secunia.com/advisories/18263 - Patch, Vendor Advisory
References () http://securityreason.com/securityalert/305 - () http://securityreason.com/securityalert/305 -
References () http://www.osvdb.org/22148 - () http://www.osvdb.org/22148 -
References () http://www.securityfocus.com/archive/1/420551/100/0/threaded - () http://www.securityfocus.com/archive/1/420551/100/0/threaded -
References () http://www.securityfocus.com/bid/16085 - Exploit () http://www.securityfocus.com/bid/16085 - Exploit
References () http://www.vupen.com/english/advisories/2006/0007 - () http://www.vupen.com/english/advisories/2006/0007 -

Information

Published : 2005-12-31 05:00

Updated : 2024-11-21 00:04


NVD link : CVE-2005-4606

Mitre link : CVE-2005-4606

CVE.ORG link : CVE-2005-4606


JSON object : View

Products Affected

webwiz

  • site_news
  • journal
  • database_login
  • weekly_poll
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')