CVE-2005-2045

Name of the Vulnerable Software and Affected Versions DUportal PRO version 3.4.3

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the iChannel parameter to "default.asp", the iData parameter to "detail.asp", the iMem parameter to "members.asp", the iCat parameter to "cat.asp", the offset parameter to "members listing approval.asp", or the iChannel parameter to "channels edit.asp".

Recommendations For DUportal PRO version 3.4.3, as a temporary workaround, consider restricting access to the affected API endpoints, such as "default.asp", "detail.asp", "members.asp", "cat.asp", "members listing approval.asp", and "channels edit.asp", until a patch is available. Avoid using the parameters iChannel, iData, iMem, iCat, and offset in the respective affected endpoints until the issue is resolved.