CVE-2005-4227

Description

Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454.

7.5
CVSS
Severity: High
CVSS 2.0 •
EPSS 3.54% Top 15%
Third-Party Advisory secunia.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://www.osvdb.org/22021 vdb entry
http://www.securityfocus.com/archive/1/419280/100/0/threaded mailing list
http://www.osvdb.org/22028 vdb entry
http://www.osvdb.org/22027 vdb entry
http://www.osvdb.org/22017 vdb entry
http://www.osvdb.org/22025 vdb entry
http://www.osvdb.org/22026 vdb entry
http://secunia.com/advisories/12751 third party advisory
http://www.osvdb.org/22020 vdb entry
http://www.osvdb.org/22031 vdb entry
http://www.osvdb.org/22030 vdb entry
http://www.osvdb.org/22023 vdb entry
http://www.osvdb.org/22024 vdb entry
http://www.securityfocus.com/bid/15183 vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/22855 vdb entry
http://glide.stanford.edu/yichen/research/sec.pdf
http://www.vupen.com/english/advisories/2005/2863 vdb entry
http://www.osvdb.org/22019 vdb entry
http://www.securityfocus.com/archive/1/419487/100/0/threaded mailing list
http://www.osvdb.org/22022 vdb entry
http://www.osvdb.org/22029 vdb entry
http://www.osvdb.org/22018 vdb entry

Frequently Asked Questions

What is the severity of CVE-2005-4227?
CVE-2005-4227 has been scored as a high severity vulnerability.
How to fix CVE-2005-4227?
To fix CVE-2005-4227, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2005-4227 being actively exploited in the wild?
It is possible that CVE-2005-4227 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~4% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.