Vulnerabilities > CVE-2005-3585 - Unspecified vulnerability in PHPwebthings 1.4.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpwebthings
nessus
Summary
SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | PHPWEBTHINGS_SQL_INJECTION.NASL |
| description | The remote host is running the phpWebThings application framework. The version of phpWebThings installed on the remote host does not properly sanitize user input in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 20170 |
| published | 2005-11-08 |
| reporter | This script is Copyright (C) 2005-2018 Ferdy Riphagen |
| source | https://www.tenable.com/plugins/nessus/20170 |
| title | phpWebThings Multiple Scripts SQL Injection |
References
- http://glide.stanford.edu/yichen/research/sec.pdf
- http://glide.stanford.edu/yichen/research/sec.pdf
- http://marc.info/?l=bugtraq&m=113122187101383&w=2
- http://marc.info/?l=bugtraq&m=113122187101383&w=2
- http://secunia.com/advisories/17410/
- http://secunia.com/advisories/17410/
- http://www.osvdb.org/20441
- http://www.osvdb.org/20441
- http://www.securityfocus.com/archive/1/419280/100/0/threaded
- http://www.securityfocus.com/archive/1/419280/100/0/threaded
- http://www.securityfocus.com/bid/15277
- http://www.securityfocus.com/bid/15277
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22972
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22972