Vulnerability Description
Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Envivosoft | Envivo Cms | 3.54 |
References
- http://digitalparadox.org/viewadvisories.ah?view=37Exploit
- http://marc.info/?l=full-disclosure&m=118414271202945&w=2
- http://secunia.com/advisories/15173
- http://securitytracker.com/id?1013843Exploit
- http://securityvulns.ru/Rdocument425.html
- http://www.osvdb.org/15964
- http://www.osvdb.org/15965
- http://www.osvdb.org/15966
- http://www.securityfocus.com/bid/13437
- http://www.securityfocus.com/bid/13439
- http://www.securityfocus.com/bid/13440
- http://www.securityfocus.com/bid/24860
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20313
- http://digitalparadox.org/viewadvisories.ah?view=37Exploit
- http://marc.info/?l=full-disclosure&m=118414271202945&w=2
FAQ
What is CVE-2005-1413?
CVE-2005-1413 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or...
How severe is CVE-2005-1413?
CVE-2005-1413 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1413?
Check the references section above for vendor advisories and patch information. Affected products include: Envivosoft Envivo Cms.