CVE-2005-4606

Name of the Vulnerable Software and Affected Versions Site News versions 3.06 and earlier Journal versions 1.0 and earlier Polls versions 3.06 and earlier Database Login versions 1.71 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the txtUserName parameter in the check user.asp file.

Recommendations For Site News versions 3.06 and earlier, update to a version later than 3.06 to resolve the issue. For Journal versions 1.0 and earlier, update to a version later than 1.0 to resolve the issue. For Polls versions 3.06 and earlier, update to a version later than 3.06 to resolve the issue. For Database Login versions 1.71 and earlier, update to a version later than 1.71 to resolve the issue. As a temporary workaround, consider restricting access to the check user.asp file until a patch is available. Avoid using the txtUserName parameter in the affected API endpoint until the issue is resolved.