CVE Vulnerabilities

CVE-2005-2468

Published: Dec 31, 2005 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.

Affected Software

Name Vendor Start Version End Version
Eventum Mysql 1.1 (including) 1.1 (including)
Eventum Mysql 1.2 (including) 1.2 (including)
Eventum Mysql 1.2.2 (including) 1.2.2 (including)
Eventum Mysql 1.3 (including) 1.3 (including)
Eventum Mysql 1.3.1 (including) 1.3.1 (including)
Eventum Mysql 1.4 (including) 1.4 (including)
Eventum Mysql 1.5.4 (including) 1.5.4 (including)
Eventum Mysql 1.5.5 (including) 1.5.5 (including)

References