Description
Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by s-dalili · textwebappsasp
https://www.exploit-db.com/exploits/25586
exploitdb
WORKING POC
VERIFIED
by s-dalili · textwebappsasp
https://www.exploit-db.com/exploits/25588
exploitdb
WORKING POC
VERIFIED
by s-dalili · textwebappsasp
https://www.exploit-db.com/exploits/25585
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13466
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15214
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013845
Patch x_refsource_confirm
http://www.maxwebportal.info/downloads/mwp_security_fixes.zip
Various Sources x_refsource_confirm
http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update
Scores
EPSS
0.0045
EPSS Percentile
63.6%
Details
Status
published
Products (6)
maxwebportal/maxwebportal
1.3.0
maxwebportal/maxwebportal
1.3.1
maxwebportal/maxwebportal
1.3.2
maxwebportal/maxwebportal
1.3.3
maxwebportal/maxwebportal
1.3.5
maxwebportal/maxwebportal
2.0
Published
May 03, 2005
Tracked Since
Feb 18, 2026