mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
137 lines
4.6 KiB
JSON
137 lines
4.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve@mitre.org",
|
|
"ID": "CVE-2005-4366",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "21186",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21186"
|
|
},
|
|
{
|
|
"name": "21183",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21183"
|
|
},
|
|
{
|
|
"name": "21189",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21189"
|
|
},
|
|
{
|
|
"name": "21187",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21187"
|
|
},
|
|
{
|
|
"name": "21181",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21181"
|
|
},
|
|
{
|
|
"name": "21180",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21180"
|
|
},
|
|
{
|
|
"name": "21184",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21184"
|
|
},
|
|
{
|
|
"name": "21188",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21188"
|
|
},
|
|
{
|
|
"name": "21182",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21182"
|
|
},
|
|
{
|
|
"name": "21179",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21179"
|
|
},
|
|
{
|
|
"name": "21192",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21192"
|
|
},
|
|
{
|
|
"name": "21190",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21190"
|
|
},
|
|
{
|
|
"name": "21185",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21185"
|
|
},
|
|
{
|
|
"name": "15644",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/15644"
|
|
},
|
|
{
|
|
"name": "http://pridels0.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html",
|
|
"refsource": "MISC",
|
|
"url": "http://pridels0.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html"
|
|
},
|
|
{
|
|
"name": "21191",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/21191"
|
|
}
|
|
]
|
|
}
|
|
} |