SQL Injection Vulnerabilities in MySQL Eventum by MySQL
CVE-2005-2468

Currently unrated

Key Information:

Vendor: Mysql
Status: Eventum
Vendor: CVE Published:; 31 December 2005

What is CVE-2005-2468?

MySQL Eventum 1.5.5 and earlier versions are susceptible to multiple SQL injection vulnerabilities. Remote attackers can exploit these flaws by invoking functions such as isCorrectPassword, userExist, or getCustomFieldReport, which are located in files like class.auth.php, custom_fields.php, and class.report.php. Additionally, the insert function in releases.php and class.release.php is also vulnerable. By successfully exploiting these vulnerabilities, attackers can execute arbitrary SQL commands, potentially compromising the integrity and security of the application.

References

http://www.osvdb.org/18404

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2005/1287

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/16304

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2005
Vulnerability Reserved
Aug 5, 2005

JSON

Mysql

What is CVE-2005-2468?

References

Timeline