PHPWebSite多个输入验证漏洞

漏洞信息详情

PHPWebSite多个输入验证漏洞

• CNNVD编号：CNNVD-200409-001
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-1654
  
• 漏洞类型：
  
  
  SQL注入
  
• 发布时间：
  
  2004-09-01
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  phpwebsite
• 漏洞来源：
  .’);”>Discovery of these…

phpWebsite 0.9.3-4及其早期版本的calendar模块存在SQL注入漏洞。远程攻击者借助cal_template执行任意SQL命令。

The vendor has released an update to address these vulnerabilities:
phpWebsite phpWebsite 0.7.3

• phpWebsite phpwebsite-core-security-patch.tar.gz
  
  http://www.phpwebsite.appstate.edu/downloads/security/phpwebsite-core-
  security-patch.tar.gz

phpWebsite phpWebsite 0.8.2

• phpWebsite phpwebsite-core-security-patch.tar.gz
  
  http://www.phpwebsite.appstate.edu/downloads/security/phpwebsite-core-
  security-patch.tar.gz

phpWebsite phpWebsite 0.8.3

• phpWebsite phpwebsite-core-security-patch.tar.gz
  
  http://www.phpwebsite.appstate.edu/downloads/security/phpwebsite-core-
  security-patch.tar.gz

phpWebsite phpWebsite 0.9.3 -4

• phpWebsite phpwebsite-core-security-patch.tar.gz
  
  http://www.phpwebsite.appstate.edu/downloads/security/phpwebsite-core-
  security-patch.tar.gz

phpWebsite phpWebsite 0.9.3

• phpWebsite phpwebsite-core-security-patch.tar.gz
  
  http://www.phpwebsite.appstate.edu/downloads/security/phpwebsite-core-
  security-patch.tar.gz

来源: XF
名称: phpwebsite-calendar-module-sql-injection(17199)
链接:http://xforce.iss.net/xforce/xfdb/17199

来源: BID
名称: 11088
链接:http://www.securityfocus.com/bid/11088

来源: www.phpwebsite.appstate.edu
链接:http://www.phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=822

来源: www.gulftech.org
链接:http://www.gulftech.org/?node=research&article_id=00048-08312004

来源: SECUNIA
名称: 12438
链接:http://secunia.com/advisories/12438

来源: BUGTRAQ
名称: 20040901 Multiple Vulnerabilities In phpWebsite
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109413493005513&w=2