Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Apr 16, 2026

CVE-2005-4606

Description

SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.

Affected products

Webwiz/Database Login
cpe:2.3:a:webwiz:database_login:*:*:*:*:*:*:*:*
Range: <=1.71
Webwiz/Journal
cpe:2.3:a:webwiz:journal:*:*:*:*:*:*:*:*
Range: <=1.0
Webwiz/Site News2 versions
cpe:2.3:a:webwiz:site_news:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:webwiz:site_news:*:*:*:*:*:*:*:*range: <=3.06
- cpe:2.3:a:webwiz:site_news:2.00:*:*:*:*:*:*:*
Webwiz/Weekly Poll
cpe:2.3:a:webwiz:weekly_poll:*:*:*:*:*:*:*:*
Range: <=3.06

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18263nvdPatchVendor Advisory
www.securityfocus.com/bid/16085nvdExploit
securityreason.com/securityalert/305nvd
www.osvdb.org/22148nvd
www.securityfocus.com/archive/1/420551/100/0/threadednvd
www.vupen.com/english/advisories/2006/0007nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000