PT-2005-4135 · Acid+1

Remco Verhoef · Published 2005-10-27 · Updated 2012-07-03 · CVE-2005-3325

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Analysis Console for Intrusion Databases (ACID) version 0.9.6b20
Basic Analysis and Security Engine (BASE) version 1.2

Description

The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in certain console scripts, including acid_qry_main.php in ACID and base_qry_main.php in BASE. The sig[1] parameter is specifically mentioned as a vector for this attack, and it is possible that other parameters are also vulnerable.

Recommendations

For Analysis Console for Intrusion Databases (ACID) version 0.9.6b20, consider restricting access to the acid_qry_main.php script until a patch is available. For Basic Analysis and Security Engine (BASE) version 1.2, consider restricting access to the base_qry_main.php script until a patch is available. Avoid using the sig[1] parameter in the affected API endpoints until the issue is resolved.
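
While access to the two scripts is being restricted, web server logs can be reviewed for requests that reached them with an unexpected sig[1] value. The following is an added example, not part of the advisory or of ACID/BASE: the log lines are constructed, and the allow-list of characters is an assumption about what a legitimate signature search value looks like.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names taken from the advisory.
SCRIPTS = ("acid_qry_main.php", "base_qry_main.php")
# Assumption: a legitimate sig[1] value is plain signature text.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _.:/()\-]*")
# Request field of a common/combined format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2005:10:00:00 +0000] "GET /base/base_qry_main.php'
    '?sig%5B0%5D=%3D&sig%5B1%5D=WEB-MISC+access HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Nov/2005:10:02:13 +0000] "GET /acid/acid_qry_main.php'
    '?sig[1]=ICMP%27 HTTP/1.0" 200 7340',
    '192.0.2.10 - - [01/Nov/2005:10:03:40 +0000] "GET /base/base_main.php'
    ' HTTP/1.1" 200 2048',
]

def suspicious_sig_values(log_line):
    """Return (name, decoded value) pairs for sig[1] values outside SAFE_VALUE."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.rsplit("/", 1)[-1] not in SCRIPTS:
        return []
    hits = []
    # parse_qsl percent-decodes names and values, so sig%5B1%5D becomes sig[1].
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "sig[1]" and not SAFE_VALUE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (client address, hit) for every flagged request in the log."""
    return [(line.split()[0], hit)
            for line in lines
            for hit in suspicious_sig_values(line)]

if __name__ == "__main__":
    for client, (name, value) in scan(SAMPLE_LOG):
        print(f"{client}: {name} = {value!r}")
```

Because the advisory notes that other parameters may also be vulnerable, a clean result for sig[1] does not rule out abuse through a different parameter.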

Exploit

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2005-3325
DSA-893-1

Affected Products

Acid
Base