CVE-2005-3365

CVSS V2 High 7.5 CVSS V3 None
Description
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
Overview
  • CVE ID
  • CVE-2005-3365
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2005-10-30T14:34:00
  • Last Modified Date
  • 2018-10-19T15:36:18
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:codeworx_technologies:dcp-portal:6.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/15183 Exploit
http://secunia.com/advisories/12751/ Exploit Vendor Advisory
http://glide.stanford.edu/yichen/research/sec.pdf
http://www.osvdb.org/20493
http://www.osvdb.org/20494
http://securityreason.com/securityalert/108
http://www.securityfocus.com/bid/27167
http://marc.info/?l=bugtraq&m=113017151829342&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/39447
https://exchange.xforce.ibmcloud.com/vulnerabilities/22855
https://www.exploit-db.com/exploits/4853
http://www.securityfocus.com/archive/1/419280/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2005-3365
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3365
History
Created Old Value New Value Data Type Notes
2022-05-10 18:04:56 Added to TrackCVE