Vulnerability Description
SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webwiz | Database Login | <= 1.71 |
| Webwiz | Journal | <= 1.0 |
| Webwiz | Site News | <= 3.06 |
| Webwiz | Weekly Poll | <= 3.06 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/18263PatchVendor Advisory
- http://securityreason.com/securityalert/305
- http://www.osvdb.org/22148
- http://www.securityfocus.com/archive/1/420551/100/0/threaded
- http://www.securityfocus.com/bid/16085Exploit
- http://www.vupen.com/english/advisories/2006/0007
- http://secunia.com/advisories/18263PatchVendor Advisory
- http://securityreason.com/securityalert/305
- http://www.osvdb.org/22148
- http://www.securityfocus.com/archive/1/420551/100/0/threaded
- http://www.securityfocus.com/bid/16085Exploit
- http://www.vupen.com/english/advisories/2006/0007
FAQ
What is CVE-2005-4606?
CVE-2005-4606 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login...
How severe is CVE-2005-4606?
CVE-2005-4606 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4606?
Check the references section above for vendor advisories and patch information. Affected products include: Webwiz Database Login, Webwiz Journal, Webwiz Site News, Webwiz Weekly Poll.