PT-2005-4883 · Scout Portal Toolkit

Joss · Published 2005-12-13 · Updated 2018-10-19 · CVE-2005-4195

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Scout Portal Toolkit (SPT) versions 1.3.1 and earlier
Scout Portal Toolkit (SPT) version 1.4.0

Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different PHP files, including the ParentId parameter in "SPT--BrowseResources.php", the ResourceId parameter in "SPT--FullRecord.php", the ResourceOffset parameter in "SPT--Home.php", and the F_UserName and F_Password parameters in "SPT--UserLogin.php".

Recommendations
For Scout Portal Toolkit (SPT) versions 1.3.1 and earlier, consider restricting access to the vulnerable PHP files until a patch is available. For Scout Portal Toolkit (SPT) version 1.4.0, avoid using the ParentId parameter in "SPT--BrowseResources.php" until the issue is resolved. As a temporary workaround, consider disabling the SQL execution functionality in the affected parameters until a patch is available. Restrict access to the F_UserName and F_Password parameters in "SPT--UserLogin.php" to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2005-4195

Affected Products

Scout Portal Toolkit