VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Oct 30, 2005· Updated Apr 16, 2026

CVE-2005-3365

CVE-2005-3365

Description

Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.

Affected products

13
  • Dcp Portal/Dcp Portal13 versions
    cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:codeworx_technologies:dcp-portal:6.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

12

News mentions

0

No linked articles in our index yet.