Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-10-29T19:00:00
Updated: 2018-10-19T14:57:01
Reserved: 2005-10-29T00:00:00
Link: CVE-2005-3365
JSON object: View
NVD Information
Status : Modified
Published: 2005-10-30T14:34:00.000
Modified: 2018-10-19T15:36:18.280
Link: CVE-2005-3365
JSON object: View
Redhat Information
No data.
CWE