Vulnerabilities > CVE-2005-2675 - Unspecified vulnerability in Neocrome Land Down Under 800

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
neocrome
nessus
exploit available
NVD
Published: 2005-08-23
Updated: 2024-04-11

Summary

Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

Vulnerable Configurations

Part Description Count
Application
Neocrome
1

Exploit-Db

  • descriptionLand Down Under 800/801 list.php Multiple Parameter SQL Injection. CVE-2005-2675. Webapps exploit for php platform
    idEDB-ID:26179
    last seen2016-02-03
    modified2005-08-20
    published2005-08-20
    reporterbl2k
    sourcehttps://www.exploit-db.com/download/26179/
    titleLand Down Under 800/801 list.php Multiple Parameter SQL Injection
  • descriptionLand Down Under 800/801 forums.php Multiple Parameter SQL Injection. CVE-2005-2675. Webapps exploit for php platform
    idEDB-ID:26180
    last seen2016-02-03
    modified2005-08-20
    published2005-08-20
    reporterbl2k
    sourcehttps://www.exploit-db.com/download/26180/
    titleLand Down Under 800/801 forums.php Multiple Parameter SQL Injection
  • descriptionLand Down Under 800/801 links.php w Parameter SQL Injection. CVE-2005-2675. Webapps exploit for php platform
    idEDB-ID:26177
    last seen2016-02-03
    modified2005-08-20
    published2005-08-20
    reporterbl2k
    sourcehttps://www.exploit-db.com/download/26177/
    titleLand Down Under 800/801 links.php w Parameter SQL Injection
  • descriptionLand Down Under 700/701/800/801 list.php Multiple Parameter SQL Injection. CVE-2005-2675. Webapps exploit for php platform
    idEDB-ID:26207
    last seen2016-02-03
    modified2005-08-29
    published2005-08-29
    reportermatrix_killer
    sourcehttps://www.exploit-db.com/download/26207/
    titleLand Down Under 700/701/800/801 list.php Multiple Parameter SQL Injection

Nessus

  • NASL familyCGI abuses
    NASL idLDU_SQL_INJECTION.NASL
    descriptionThe remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id19678
    published2005-09-06
    reporterCopyright (C) 2005-2018 Josh Zlatin-Amishav
    sourcehttps://www.tenable.com/plugins/nessus/19678
    titleLand Down Under <= 800 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idLDU_801.NASL
    descriptionThe remote version of Land Down Under is prone to several SQL injection and cross-site scripting attacks due to its failure to sanitize user-supplied input to several parameters used by the
    last seen2020-06-01
    modified2020-06-02
    plugin id19603
    published2005-09-09
    reporterCopyright (C) 2005-2018 Josh Zlatin-Amishav
    sourcehttps://www.tenable.com/plugins/nessus/19603
    titleLand Down Under <= 801 Multiple Vulnerabilities

References