SQL Injection Vulnerabilities in Zomplog 3.4 by Zomplog
CVE-2005-3309

Currently unrated

Key Information:

Vendor: Zomplog
Status: Zomplog
Vendor: CVE Published:; 26 October 2005

What is CVE-2005-3309?

The Zomplog 3.4 application is susceptible to multiple SQL injection vulnerabilities that permit remote attackers to perform unauthorized SQL command execution. This can be achieved via the 'id' parameter in the detail.php file, as well as the 'catid' parameter in both the get.php and index.php scripts. These vulnerabilities can lead to exposure of sensitive information and compromise the integrity of the application.

References

http://www.osvdb.org/20250

vdb-entryx_refsource_OSVDB

http://www.osvdb.org/20252

vdb-entryx_refsource_OSVDB

http://www.osvdb.org/20251

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2005
Vulnerability Reserved
Oct 26, 2005

JSON