Lucene search

MitreCVE-2005-0475

HistoryMar 30, 2005 - 5:00 a.m.

CVE-2005-0475

2005-03-3005:00:00

mitre

web.nvd.nist.gov

sql injection

pafaq

vulnerability

remote execution

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

8.4

Confidence

Low

EPSS

0.006

Percentile

78.1%

JSON

SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.

Affected configurations

Nvd

Node

php_arenapafaqMatchbeta4

VendorProductVersionCPE
php_arenapafaqbeta4cpe:2.3:a:php_arena:pafaq:beta4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_arena	pafaq	beta4	cpe:2.3:a:php_arena:pafaq:beta4:::::::*

References

marc.info/?l=bugtraq&m=110868808723487&w=2

exchange.xforce.ibmcloud.com/vulnerabilities/19371

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

8.4

Confidence

Low

EPSS

0.006

Percentile

78.1%

JSON

Related for CVE-2005-0475