Lucene search

MitreCVE-2005-2415

HistoryAug 03, 2005 - 4:00 a.m.

CVE-2005-2415

2005-08-0304:00:00

mitre

web.nvd.nist.gov

cve-2005-2415

sql injection

contrexx

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.016

Percentile

87.5%

JSON

Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module.

Affected configurations

Nvd

Node

astalavista_it_engineeringcontrexxRange≤1.0.4

VendorProductVersionCPE
astalavista_it_engineeringcontrexx*cpe:2.3:a:astalavista_it_engineering:contrexx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
astalavista_it_engineering	contrexx	*	cpe:2.3:a:astalavista_it_engineering:contrexx::::::::

References

marc.info/?l=bugtraq&m=112206702015439&w=2

secunia.com/advisories/16169

securitytracker.com/id?1014554

www.hardened-php.net/advisory_112005.59.html

www.osvdb.org/18166

www.osvdb.org/18167

www.securityfocus.com/bid/14352

exchange.xforce.ibmcloud.com/vulnerabilities/21482

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.016

Percentile

87.5%

JSON

Related for CVE-2005-2415