Vulnerabilities > CVE-2005-0948 - Input Validation vulnerability in Iatek PortalApp
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Iatek IntranetApp 2.3 ad_click.asp banner_id Parameter SQL Injection. CVE-2005-0948. Webapps exploit for asp platform |
id | EDB-ID:25318 |
last seen | 2016-02-03 |
modified | 2005-03-29 |
published | 2005-03-29 |
reporter | Diabolic Crab |
source | https://www.exploit-db.com/download/25318/ |
title | Iatek IntranetApp 2.3 ad_click.asp banner_id Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | PORTALAPP_INPUT_VALIDATION.NASL |
description | The remote host is running ASP PortalApp, a web application software written in ASP. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which could in turn be used to gain administrative access on the remote host. In addition, a path disclosure and cross-site scripting vulnerability were reported, although Nessus has not checked for them. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17653 |
published | 2005-03-30 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17653 |
title | ASP PortalApp Multiple SQL Injection |
code |
|