Lucene search

MitreCVE-2005-1287

HistoryApr 26, 2005 - 4:00 a.m.

CVE-2005-1287

2005-04-2604:00:00

mitre

web.nvd.nist.gov

sql injection

bk forum 4.0

remote attackers

arbitrary commands

vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.

Affected configurations

Nvd

Node

bk_devbk_forumRange≤4

VendorProductVersionCPE
bk_devbk_forum*cpe:2.3:a:bk_dev:bk_forum:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bk_dev	bk_forum	*	cpe:2.3:a:bk_dev:bk_forum::::::::

References

marc.info/?l=bugtraq&m=111428133317901&w=2

secunia.com/advisories/15072

securitytracker.com/id?1013793

www.digitalparadox.org/advisories/bkdev.txt

www.osvdb.org/15784

www.osvdb.org/15785

www.osvdb.org/15786

www.securityfocus.com/archive/1/431659/100/0/threaded

www.securityfocus.com/archive/1/431863/100/0/threaded

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

Related for CVE-2005-1287