CVE-2005-4616

Published Dec 31, 2005

Last updated 16 days ago

CVSS info 7.5

Overview

Description
SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter.
Source
cve@mitre.org
NVD status
Modified
Products
isupport

Risk scores

CVSS 2.0

Type
Primary
Base score
7.5
Impact score
6.4
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data as well as unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).CVE-2024-20944
  2. Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.CVE-2009-4434
  3. Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information.CVE-2009-4433
  4. PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.CVE-2007-6539
  5. Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.CVE-2006-4884

References

Sources include official advisories and independent security research.