CVE-2005-1562 - Remote vulnerability in MaxWebPortal
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Nessus
NASL family | CGI abuses |
NASL id | MAXWEBPORTAL_135.NASL |
description | According to its banner, the remote host is running a version of MaxWebPortal that is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation of these flaws may result in password theft and/or site defacement. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18248 |
published | 2005-05-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18248 |
title | MaxWebPortal <= 1.35 Multiple Vulnerabilities |
References
- http://marc.info/?l=bugtraq&m=111584883727605&w=2
- http://secunia.com/advisories/15329
- http://www.hackerscenter.com/archive/view.asp?id=2542
- http://www.osvdb.org/16502
- http://www.osvdb.org/16503
- http://www.osvdb.org/16504
- http://www.osvdb.org/16506
- http://www.osvdb.org/16510
- http://www.securityfocus.com/bid/13601
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20562