CVE-2005-4419

Name of the Vulnerable Software and Affected Versions Honeycomb Archive versions 3.0 Honeycomb Archive Enterprise versions 3.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the CategoryResults.cfm file. The vulnerable parameters are series, cat parent, cat, and div.

Recommendations For Honeycomb Archive version 3.0, update to a version that includes a fix for the SQL injection vulnerabilities. For Honeycomb Archive Enterprise version 3.0, update to a version that includes a fix for the SQL injection vulnerabilities. As a temporary workaround, consider restricting access to the CategoryResults.cfm file until a patch is available. Avoid using the parameters series, cat parent, cat, and div in the affected CategoryResults.cfm file until the issue is resolved.