CVE-2005-1633

Name of the Vulnerable Software and Affected Versions JGS-XA JGS-Portal versions 3.0.2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including anzahl beitraege to "jgs portal.php", year to "jgs portal statistik.php", "jgs portal beitraggraf.php", "jgs portal themengraf.php", and "jgs portal mitgraf.php", tag to "jgs portal viewsgraf.php", id to "jgs portal sponsor.php", or the Accept-Language header to "jgs portal log.php".

Recommendations For JGS-XA JGS-Portal versions 3.0.2 and earlier, consider disabling the affected parameters, such as anzahl beitraege, year, tag, and id, until a patch is available. Additionally, restrict access to the Accept-Language header in "jgs portal log.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.