Vulnerability Description
Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dev | Dev Web Management System | 1.5 |
References
- http://rgod.altervista.org/dev_15_sql_xpl.htmlExploit
- http://secunia.com/advisories/18239ExploitVendor Advisory
- http://securitytracker.com/id?1015410Exploit
- http://www.osvdb.org/22040
- http://www.osvdb.org/22041
- http://www.osvdb.org/22042
- http://www.securityfocus.com/archive/1/420253/100/0/threaded
- http://www.securityfocus.com/bid/16063Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23898
- http://rgod.altervista.org/dev_15_sql_xpl.htmlExploit
- http://secunia.com/advisories/18239ExploitVendor Advisory
- http://securitytracker.com/id?1015410Exploit
- http://www.osvdb.org/22040
- http://www.osvdb.org/22041
- http://www.osvdb.org/22042
FAQ
What is CVE-2005-4554?
CVE-2005-4554 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum...
How severe is CVE-2005-4554?
CVE-2005-4554 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4554?
Check the references section above for vendor advisories and patch information. Affected products include: Dev Dev Web Management System.