Vulnerabilities > CVE-2005-2468 - SQL Injection vulnerability in MySQL Eventum

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
mysql
exploit available
NVD
Published: 2005-12-31
Updated: 2016-10-18

Summary

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.

Vulnerable Configurations

Part Description Count
Application
Mysql
8

Exploit-Db

descriptionMySQL Eventum <= 1.5.5 (login.php) SQL Injection Exploit. CVE-2005-2468. Webapps exploit for php platform
idEDB-ID:1134
last seen2016-01-31
modified2005-08-05
published2005-08-05
reporterJames Bercegay
sourcehttps://www.exploit-db.com/download/1134/
titleMySQL Eventum <= 1.5.5 login.php SQL Injection Exploit

References