CVE-2005-1633
CVE-2005-1633
Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, 2) year parameter to (jgs_portal_statistik.php, 3) year parameter to (jgs_portal_beitraggraf.php, 4) tag parameter to (jgs_portal_viewsgraf.php, 5) year parameter to (jgs_portal_themengraf.php, 6) year parameter to (jgs_portal_mitgraf.php, 7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php.
Affected products
n/a · n/apublic PoCs found — 7
exploitdbwww.exploit-db.com/exploits/25674unverifiedexploitdbwww.exploit-db.com/exploits/25675unverifiedexploitdbwww.exploit-db.com/exploits/25678unverifiedexploitdbwww.exploit-db.com/exploits/25679unverifiedexploitdbwww.exploit-db.com/exploits/25673unverifiedexploitdbwww.exploit-db.com/exploits/25677unverifiedexploitdbwww.exploit-db.com/exploits/25676unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →