SQL Injection Vulnerability in NewsletterEz by ezdwc
CVE-2005-1750

Currently unrated

Key Information:

Vendor: Distinct Web Creations
Status: Newsletterez
Vendor: CVE Published:; 25 May 2005

🔔 Create Distinct Web Creations Vulnerability Alert

What is CVE-2005-1750?

The vulnerability in NewsletterEz 3.0 allows remote attackers to manipulate SQL queries through the password parameter in login.asp. By exploiting this flaw, attackers can execute arbitrary SQL commands, potentially gaining unauthorized access to sensitive data and affecting the integrity of the database. It is critical for users of this software to apply security patches and adhere to best practices to mitigate risks.

References

http://www.securityfocus.com/bid/13730

vdb-entryx_refsource_BID

http://www.under9round.com/nez.txt

x_refsource_MISC

http://securitytracker.com/id?1014038

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2005
Vulnerability Reserved
May 25, 2005