CVE-2005-1562

Name of the Vulnerable Software and Affected Versions MaxWebPortal versions 1.3.5 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including fpassword to "inc functions.asp", txtAddress, message, or subject to "post info.asp", andor to "search.asp", verkey to "pop profile.asp", or Remove or Delete to "pm delete2.asp".

Recommendations For MaxWebPortal versions 1.3.5 and earlier, update to a version later than 1.3.5 to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints, such as "inc functions.asp", "post info.asp", "search.asp", "pop profile.asp", and "pm delete2.asp", until a patch is available. Avoid using the parameters fpassword, txtAddress, message, subject, andor, verkey, Remove, and Delete in the affected API endpoints until the issue is resolved.