CVE-2005-0454

Name of the Vulnerable Software and Affected Versions DCP-Portal versions 6.1.1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the lcat, doc, or uid parameters to "index.php", or the mid or bid parameters to "forums.php".

Recommendations For DCP-Portal versions 6.1.1 and earlier, update to a version later than 6.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters lcat, doc, uid, mid, and bid in the affected API endpoints "index.php" and "forums.php" until a patch is available.