JVN/CVE Demo: Cveinfos

CVE

Id: 13679
CVE No.: CVE-2005-2473
Status: Candidate
Description: Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.
Phase: Assigned (20050805)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
99515	13679	CVE-2005-2473	BUGTRAQ:20050801 ChurchInfo Multiple Vulnerabilities	View
99516	13679	CVE-2005-2473	URL:http://marc.info/?l=bugtraq&m=112291550713546&w=2	View
99517	13679	CVE-2005-2473	BID:14438	View
99518	13679	CVE-2005-2473	URL:http://www.securityfocus.com/bid/14438	View
99519	13679	CVE-2005-2473	OSVDB:18408	View
99520	13679	CVE-2005-2473	URL:http://www.osvdb.org/18408	View
99521	13679	CVE-2005-2473	OSVDB:18409	View
99522	13679	CVE-2005-2473	URL:http://www.osvdb.org/18409	View
99523	13679	CVE-2005-2473	OSVDB:18410	View
99524	13679	CVE-2005-2473	URL:http://www.osvdb.org/18410	View
99525	13679	CVE-2005-2473	OSVDB:18411	View
99526	13679	CVE-2005-2473	URL:http://www.osvdb.org/18411	View
99527	13679	CVE-2005-2473	OSVDB:18412	View
99528	13679	CVE-2005-2473	URL:http://www.osvdb.org/18412	View
99529	13679	CVE-2005-2473	OSVDB:18413	View
99530	13679	CVE-2005-2473	URL:http://www.osvdb.org/18413	View
99531	13679	CVE-2005-2473	OSVDB:18414	View
99532	13679	CVE-2005-2473	URL:http://www.osvdb.org/18414	View
99533	13679	CVE-2005-2473	OSVDB:18415	View
99534	13679	CVE-2005-2473	URL:http://www.osvdb.org/18415	View
99535	13679	CVE-2005-2473	OSVDB:18416	View
99536	13679	CVE-2005-2473	URL:http://www.osvdb.org/18416	View
99537	13679	CVE-2005-2473	OSVDB:18417	View
99538	13679	CVE-2005-2473	URL:http://www.osvdb.org/18417	View
99539	13679	CVE-2005-2473	OSVDB:18418	View
99540	13679	CVE-2005-2473	URL:http://www.osvdb.org/18418	View
99541	13679	CVE-2005-2473	OSVDB:18419	View
99542	13679	CVE-2005-2473	URL:http://www.osvdb.org/18419	View
99543	13679	CVE-2005-2473	OSVDB:18420	View
99544	13679	CVE-2005-2473	URL:http://www.osvdb.org/18420	View
99545	13679	CVE-2005-2473	OSVDB:18421	View
99546	13679	CVE-2005-2473	URL:http://www.osvdb.org/18421	View
99547	13679	CVE-2005-2473	OSVDB:18422	View
99548	13679	CVE-2005-2473	URL:http://www.osvdb.org/18422	View
99549	13679	CVE-2005-2473	OSVDB:18423	View
99550	13679	CVE-2005-2473	URL:http://www.osvdb.org/18423	View
99551	13679	CVE-2005-2473	OSVDB:18424	View
99552	13679	CVE-2005-2473	URL:http://www.osvdb.org/18424	View
99553	13679	CVE-2005-2473	OSVDB:18427	View
99554	13679	CVE-2005-2473	URL:http://www.osvdb.org/18427	View
99555	13679	CVE-2005-2473	OSVDB:18428	View
99556	13679	CVE-2005-2473	URL:http://www.osvdb.org/18428	View
99557	13679	CVE-2005-2473	SECTRACK:1014617	View
99558	13679	CVE-2005-2473	URL:http://securitytracker.com/id?1014617	View
99559	13679	CVE-2005-2473	SECUNIA:16292	View
99560	13679	CVE-2005-2473	URL:http://secunia.com/advisories/16292	View
99561	13679	CVE-2005-2473	XF:churchinfo-sql-injection(21647)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
62634	JVNDB-2005-000874	UnZip のファイル解凍時におけるパーミッションの処理に競合状態の脆弱性	Info-ZIP が提供する UnZip には、ファイルの解凍時のパーミッションの処理に競合状態が発生する脆弱性により、リンク先のファイルのパーミッションを変更可能な問題があります。	CVE-2005-2475	13679	1.2		http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000874.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.33 MB
View render complete	2.80 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.59
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	503.63
Event: Controller.beforeRender	5.35
» Processing toolbar data	5.25
Rendering View	19.88
» Event: View.beforeRender	0.03
» Rendering APP/View/Cveinfos/view.ctp	18.74
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.61
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.11
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/13679
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/13679
Remote Port	48945
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.167
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.3.66.129
Http Via	1.1 squid-proxy-5b5d847c96-sh5pg (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.167
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.167
Unique Id	aNyBSbvxOaSRfocskdy3iAAAAWU
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.167
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.167
Redirect Unique Id	aNyBSbvxOaSRfocskdy3iAAAAWU
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.167
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.167
Redirect Redirect Unique Id	aNyBSbvxOaSRfocskdy3iAAAAWU
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1759281481.7649
Request Time	1759281481

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files