SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/18263 - Patch, Vendor Advisory | |
References | () http://securityreason.com/securityalert/305 - | |
References | () http://www.osvdb.org/22148 - | |
References | () http://www.securityfocus.com/archive/1/420551/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/16085 - Exploit | |
References | () http://www.vupen.com/english/advisories/2006/0007 - |
Information
Published : 2005-12-31 05:00
Updated : 2024-11-21 00:04
NVD link : CVE-2005-4606
Mitre link : CVE-2005-4606
CVE.ORG link : CVE-2005-4606
JSON object : View
Products Affected
webwiz
- site_news
- journal
- database_login
- weekly_poll
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')