Unrated severityNVD Advisory· Published Dec 14, 2005· Updated Apr 16, 2026

CVE-2005-4223

Description

Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.

Affected products

Utopia Software/Utopia News Pro
cpe:2.3:a:utopia_software:utopia_news_pro:1.1.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/17988/nvdPatchVendor Advisory
www.osvdb.org/21645nvdPatch
www.osvdb.org/21646nvdPatch
www.osvdb.org/21647nvdPatch
www.osvdb.org/21648nvdPatch
www.osvdb.org/21649nvdPatch
glide.stanford.edu/yichen/research/sec.pdfnvd
www.securityfocus.com/archive/1/419280/100/0/threadednvd
www.securityfocus.com/archive/1/419487/100/0/threadednvd
www.vupen.com/english/advisories/2005/2859nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23564nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000