CVE-2005-2468

Name of the Vulnerable Software and Affected Versions Eventum versions 1.5.5 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the isCorrectPassword or userExist function in class.auth.php, getCustomFieldReport function in custom fields.php, custom fields graph.php, or class.report.php, or the insert function in releases.php or class.release.php.

Recommendations For Eventum versions 1.5.5 and earlier, consider disabling the isCorrectPassword and userExist functions in class.auth.php, as well as the getCustomFieldReport function in custom fields.php, custom fields graph.php, and class.report.php, and the insert function in releases.php and class.release.php until a patch is available. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.