Lucene search

MitreCVE-2005-1373

HistoryMay 03, 2005 - 4:00 a.m.

CVE-2005-1373

2005-05-0304:00:00

mitre

web.nvd.nist.gov

cve

2005

1373

sql injection

vulnerabilities

dream4 koobi cms

remote attackers

arbitrary sql commands

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.008

Percentile

81.7%

JSON

Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.

Affected configurations

Nvd

Node

dream4koobi_cmsMatch4.2.3

VendorProductVersionCPE
dream4koobi_cms4.2.3cpe:2.3:a:dream4:koobi_cms:4.2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dream4	koobi_cms	4.2.3	cpe:2.3:a:dream4:koobi_cms:4.2.3:::::::*

References

marc.info/?l=bugtraq&m=111464009913703&w=2

secunia.com/advisories/14696

www.osvdb.org/15997

www.securityfocus.com/bid/13412

www.securityfocus.com/bid/13413

exchange.xforce.ibmcloud.com/vulnerabilities/20293

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.008

Percentile

81.7%

JSON

Related for CVE-2005-1373