Vulnerabilities > CVE-2005-3875 - SQL Injection vulnerability in Enterprise Connector

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
enterprise-heart
exploit available
NVD
Published: 2005-11-29
Updated: 2011-03-08

Summary

Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.

Vulnerable Configurations

Part Description Count
Application
Enterprise_Heart
1

Exploit-Db

  • descriptionEnterprise Heart Enterprise Connector 1.0.2 send.php messageid Parameter SQL Injection. CVE-2005-3875. Webapps exploit for php platform
    idEDB-ID:26602
    last seen2016-02-03
    modified2005-11-28
    published2005-11-28
    reporterr0t
    sourcehttps://www.exploit-db.com/download/26602/
    titleEnterprise Heart Enterprise Connector 1.0.2 send.php messageid Parameter SQL Injection
  • descriptionEnterprise Heart Enterprise Connector 1.0.2 messages.php messageid Parameter SQL Injection. CVE-2005-3875. Webapps exploit for php platform
    idEDB-ID:26603
    last seen2016-02-03
    modified2005-11-28
    published2005-11-28
    reporterr0t
    sourcehttps://www.exploit-db.com/download/26603/
    titleEnterprise Heart Enterprise Connector 1.0.2 messages.php messageid Parameter SQL Injection

References