CVE-2005-2675 - Unspecified vulnerability in Neocrome Land Down Under 800
Summary
Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description: Land Down Under 800/801 list.php Multiple Parameter SQL Injection. CVE-2005-2675. Webapps exploit for php platform
id: EDB-ID:26179
last seen: 2016-02-03
modified: 2005-08-20
published: 2005-08-20
reporter: bl2k
source: https://www.exploit-db.com/download/26179/
title: Land Down Under 800/801 list.php Multiple Parameter SQL Injection

description: Land Down Under 800/801 forums.php Multiple Parameter SQL Injection. CVE-2005-2675. Webapps exploit for php platform
id: EDB-ID:26180
last seen: 2016-02-03
modified: 2005-08-20
published: 2005-08-20
reporter: bl2k
source: https://www.exploit-db.com/download/26180/
title: Land Down Under 800/801 forums.php Multiple Parameter SQL Injection

description: Land Down Under 800/801 links.php w Parameter SQL Injection. CVE-2005-2675. Webapps exploit for php platform
id: EDB-ID:26177
last seen: 2016-02-03
modified: 2005-08-20
published: 2005-08-20
reporter: bl2k
source: https://www.exploit-db.com/download/26177/
title: Land Down Under 800/801 links.php w Parameter SQL Injection

description: Land Down Under 700/701/800/801 list.php Multiple Parameter SQL Injection. CVE-2005-2675. Webapps exploit for php platform
id: EDB-ID:26207
last seen: 2016-02-03
modified: 2005-08-29
published: 2005-08-29
reporter: matrix_killer
source: https://www.exploit-db.com/download/26207/
title: Land Down Under 700/701/800/801 list.php Multiple Parameter SQL Injection
Nessus
NASL family: CGI abuses
NASL id: LDU_SQL_INJECTION.NASL
description: The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19678
published: 2005-09-06
reporter: Copyright (C) 2005-2018 Josh Zlatin-Amishav
source: https://www.tenable.com/plugins/nessus/19678
title: Land Down Under <= 800 Multiple Vulnerabilities

NASL family: CGI abuses
NASL id: LDU_801.NASL
description: The remote version of Land Down Under is prone to several SQL injection and cross-site scripting attacks due to its failure to sanitize user-supplied input to several parameters used by the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19603
published: 2005-09-09
reporter: Copyright (C) 2005-2018 Josh Zlatin-Amishav
source: https://www.tenable.com/plugins/nessus/19603
title: Land Down Under <= 801 Multiple Vulnerabilities