CVE-2005-1236

Name of the Vulnerable Software and Affected Versions: DUportal versions 3.1.2

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the iChannel parameter to "channel.asp" or "search.asp", the iData parameter to "detail.asp" or "inc rating.asp", the iCat parameter to "detail.asp" or "type.asp", the DAT PARENT parameter to "inc poll voting.asp", or the iRate parameter to "inc rating.asp".

Recommendations: For DUportal version 3.1.2, update to a version that addresses these SQL injection vulnerabilities. As a temporary workaround, consider restricting access to the affected API endpoints, such as "channel.asp", "search.asp", "detail.asp", "inc rating.asp", "type.asp", and "inc poll voting.asp", to minimize the risk of exploitation. Avoid using the parameters iChannel, iData, iCat, DAT PARENT, and iRate in the respective affected API endpoints until the issue is resolved.