CVE-2005-3325

Name: CVE-2005-3325
Description: Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-893-1
NVD severity: high (attack range: remote)
Debian Bugs: 335998, 336788

The information below is based on the following data on fixed versions.

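| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| acidbase | source | (unstable) | 1.2.1-1 | medium | | 335998, 336788 |
| acidlab | source | (unstable) | 0.9.6b20-13 | high | | |
| acidlab | source | sarge | 0.9.6b20-10.1 | high | DSA-893-1 | |
| acidlab | source | woody | 0.9.6b20-2.1 | high | DSA-893-1 | |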

Notes

the fix from 1.2-2 did not address the problem fully
