Vulnerabilities > CVE-2005-2045 - Unspecified vulnerability in Duware Duportal PRO 3.4.3

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
duware
nessus
NVD
Published: 2005-06-22
Updated: 2024-11-20

Summary

Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp.

Vulnerable Configurations

Part Description Count
Application
Duware
1

Nessus

NASL familyCGI abuses
NASL idDUPORTAL_SQL_INJECTIONS2.NASL
descriptionThe remote host is running DUportal Pro, an ASP-based product suite from DUware for building web portals / online communities. The installed version of DUportal Pro fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database.
last seen2020-06-01
modified2020-06-02
plugin id18569
published2005-06-28
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18569
titleDUportal Pro Multiple Scripts SQL Injection (2)

References