Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-10-14T04:00:00
Updated: 2024-08-07T23:01:59.395Z
Reserved: 2005-10-14T00:00:00
Link: CVE-2005-3236
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-10-14T10:02:00.000
Modified: 2024-11-21T00:01:25.230
Link: CVE-2005-3236
Redhat
No data.