CVE-2005-1417

Name of the Vulnerable Software and Affected Versions: MaxWebPortal versions 1.35 through 2.x

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various API endpoints, including "article popular.asp", "dl popular.asp", "links popular.asp", "pic popular.asp", "article rate.asp", "dl rate.asp", "links rate.asp", "pic rates.asp", "article toprated.asp", "dl toprated.asp", "links toprated.asp", "pic toprated.asp", or by manipulating the TOPIC ID or Forum ID parameters in "custom link.asp".

Recommendations: For MaxWebPortal versions 1.35 through 2.x, consider disabling the affected API endpoints until a patch is available. Restrict access to the TOPIC ID and Forum ID parameters in "custom link.asp" to minimize the risk of exploitation. Avoid using the arguments to the affected ASP pages in the meantime. At the moment, there is no information about a newer version that contains a fix for this vulnerability.