mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
138 lines
4.2 KiB
JSON
138 lines
4.2 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2005-4366",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "http://pridels0.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html",
|
|
"refsource" : "MISC",
|
|
"url" : "http://pridels0.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html"
|
|
},
|
|
{
|
|
"name" : "15644",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/15644"
|
|
},
|
|
{
|
|
"name" : "21179",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21179"
|
|
},
|
|
{
|
|
"name" : "21180",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21180"
|
|
},
|
|
{
|
|
"name" : "21181",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21181"
|
|
},
|
|
{
|
|
"name" : "21182",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21182"
|
|
},
|
|
{
|
|
"name" : "21183",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21183"
|
|
},
|
|
{
|
|
"name" : "21184",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21184"
|
|
},
|
|
{
|
|
"name" : "21185",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21185"
|
|
},
|
|
{
|
|
"name" : "21186",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21186"
|
|
},
|
|
{
|
|
"name" : "21187",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21187"
|
|
},
|
|
{
|
|
"name" : "21188",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21188"
|
|
},
|
|
{
|
|
"name" : "21189",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21189"
|
|
},
|
|
{
|
|
"name" : "21190",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21190"
|
|
},
|
|
{
|
|
"name" : "21191",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21191"
|
|
},
|
|
{
|
|
"name" : "21192",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/21192"
|
|
}
|
|
]
|
|
}
|
|
}
|