CyberSec.Space Logo
Back to CVE Browser

CVE-2005-1875

HIGH
7.5
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile24.59th
PublishedJun 2, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.

Affected Platforms (CPE)

πŸ“¦
Exhibit Engine

Exhibit Engine

= 1.22
πŸ“¦
Exhibit Engine

Exhibit Engine

= 1.54_rc4

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=111773894525119&w=2
πŸ”— http://photography-on-the.net/forum/showthread.php?p=579692
πŸ”— http://secunia.com/advisories/15583
πŸ”— http://www.osvdb.org/17006
πŸ”— http://www.securityfocus.com/bid/13844
πŸ”— http://marc.info/?l=bugtraq&m=111773894525119&w=2
πŸ”— http://photography-on-the.net/forum/showthread.php?p=579692
πŸ”— http://secunia.com/advisories/15583

Related Vulnerabilities

CVE-2006-718310.0

PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute a...

CVE-2006-52927.5

PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to exe...

CVE-2006-71846.8

Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to ex...

CVE-2005-129910.0

The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.