Vulnerabilities > CVE-2005-4664 - SQL-Injection vulnerability in Ocomon 1.21

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ocomon

exploit available

NVD

Published: 2005-12-31

Updated: 2017-07-20

Summary

SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.

Vulnerable Configurations

Part	Description	Count
Application	Ocomon Ocomon Ocomon 1.21	1

Exploit-Db

id	EDB-ID:40285
last seen	2018-11-30
modified	2016-08-22
published	2016-08-22
reporter	Exploit-DB
source	https://www.exploit-db.com/download/40285
title	Ocomon 2.0 - SQL Injection

References

http://secunia.com/advisories/17470
http://sourceforge.net/project/showfiles.php?group_id=45554
http://www.osvdb.org/20751
https://exchange.xforce.ibmcloud.com/vulnerabilities/23085