PT-2005-5169 · Quantum Art · Quantum Art Qp7.Enterprise

Published: 2005-12-22 · Updated: 2024-08-08 · CVE-2005-4486

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Quantum Art QP7.Enterprise (affected versions not specified)

Description

A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the p_news_id parameter to API endpoints such as "news_and_events_new.asp" and "news.asp". The vendor disputes the accuracy of this report, but evidence suggests that at least "news_and_events_new.asp" may be vulnerable to forced invalid SQL syntax errors.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2005-4486

Affected Products

Quantum Art Qp7.Enterprise