CVE-2005-4195 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2005-4195?

CVE-2005-4195 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-4195?

Check the references section above for vendor advisories and patch information. Affected products include: Internet Scout Scout Portal Toolkit, Internet Scout Project Scout Portal Toolkit.

Vulnerability Description

Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Internet Scout	Scout Portal Toolkit	<= 1.3.1
Internet Scout Project	Scout Portal Toolkit	1.4.0

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2005-4195?

CVE-2005-4195 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.p...

How severe is CVE-2005-4195?

CVE-2005-4195 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4195?

Check the references section above for vendor advisories and patch information. Affected products include: Internet Scout Scout Portal Toolkit, Internet Scout Project Scout Portal Toolkit.