CVE-2005-1236

DUware DUportal 3.1.2 - SQL Injection

Title source: llm
STIX 2.1

Description

Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.

Exploits (4)

exploitdb WRITEUP VERIFIED
by Dcrab · textwebappsasp
https://www.exploit-db.com/exploits/25485
exploitdb WRITEUP VERIFIED
by Dcrab · textwebappsasp
https://www.exploit-db.com/exploits/25484
exploitdb WRITEUP VERIFIED
by Dcrab · textwebappsasp
https://www.exploit-db.com/exploits/25483
exploitdb WRITEUP VERIFIED
by Dcrab · textwebappsasp
https://www.exploit-db.com/exploits/25482

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15044
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13288

Scores

EPSS 0.0028
EPSS Percentile 51.3%

Details

Status published
Products (2)
duware/duportal 3.1.2
duware/duportal 3.1.2_sql
Published May 02, 2005
Tracked Since Feb 18, 2026