CVE-2005-2468: SQL Injection
First published: Sat Dec 31 2005(Updated: )
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MySQL Eventum | =1.4 | |
| MySQL Eventum | =1.2.2 | |
| MySQL Eventum | =1.1 | |
| MySQL Eventum | =1.3.1 | |
| MySQL Eventum | =1.5.5 | |
| MySQL Eventum | =1.3 | |
| MySQL Eventum | =1.2 | |
| MySQL Eventum | =1.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.gulftech.org/?node=research&article_id=00093-07312005
- http://lists.mysql.com/eventum-users/2072
- http://www.securityfocus.com/bid/14437
- http://www.osvdb.org/18403
- http://www.osvdb.org/18404
- http://www.osvdb.org/18405
- http://www.osvdb.org/18406
- http://securitytracker.com/id?1014603
- http://secunia.com/advisories/16304
- http://www.vupen.com/english/advisories/2005/1287
- http://marc.info/?l=bugtraq&m=112292193807958&w=2
Frequently Asked Questions
What is the severity of CVE-2005-2468?
CVE-2005-2468 has a medium severity rating due to its potential for remote SQL injection vulnerabilities.
How do I fix CVE-2005-2468?
To fix CVE-2005-2468, upgrade to a newer version of MySQL Eventum that is not affected by these vulnerabilities.
Which versions of MySQL Eventum are affected by CVE-2005-2468?
MySQL Eventum versions 1.5.5 and earlier are affected by CVE-2005-2468, specifically versions 1.1 through 1.5.5.
What are the consequences of exploiting CVE-2005-2468?
Exploiting CVE-2005-2468 can allow remote attackers to execute arbitrary SQL commands, leading to potential data compromise.
Is CVE-2005-2468 a local or remote vulnerability?
CVE-2005-2468 is classified as a remote vulnerability, allowing exploitation from outside the affected system.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/event
- agent/tags
- agent/description
- agent/source
- vendor/mysql
- canonical/mysql eventum
- version/mysql eventum/1.4
- version/mysql eventum/1.2.2
- version/mysql eventum/1.1
- version/mysql eventum/1.3.1
- version/mysql eventum/1.5.5
- version/mysql eventum/1.3
- version/mysql eventum/1.2
- version/mysql eventum/1.5.4