Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
|
Internet Scout
Subscribe
|
Scout Portal Toolkit
Subscribe
|
|
Internet Scout Project
Subscribe
|
Scout Portal Toolkit
Subscribe
|
Configuration 1 [-]
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2005-4190 | Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-07T23:38:51.509Z
Reserved: 2005-12-13T00:00:00
Link: CVE-2005-4195
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2005-12-13T11:03:00.000
Modified: 2025-04-03T01:03:51.193
Link: CVE-2005-4195
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses