CVE-2005-1417

N/A Unknown
Published: May 03, 2005 Modified: April 16, 2026
View on NVD

Description

Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/15214
Source: cve@mitre.org
http://securitytracker.com/id?1013845
Source: cve@mitre.org
Exploit
http://www.maxwebportal.info/downloads/mwp_security_fixes.zip
Source: cve@mitre.org
Patch
http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update
Source: cve@mitre.org
http://www.securityfocus.com/bid/13466
Source: cve@mitre.org
Exploit
http://secunia.com/advisories/15214
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1013845
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.maxwebportal.info/downloads/mwp_security_fixes.zip
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/13466
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.4%
64th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

maxwebportal