CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score
Confidence: Low

EPSS
Percentile: 82.9%

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, the getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
Vendor | Product | Version | CPE |
---|---|---|---|
mysql | eventum | 1.1 | cpe:2.3:a:mysql:eventum:1.1:*:*:*:*:*:*:* |
mysql | eventum | 1.2 | cpe:2.3:a:mysql:eventum:1.2:*:*:*:*:*:*:* |
mysql | eventum | 1.2.2 | cpe:2.3:a:mysql:eventum:1.2.2:*:*:*:*:*:*:* |
mysql | eventum | 1.3 | cpe:2.3:a:mysql:eventum:1.3:*:*:*:*:*:*:* |
mysql | eventum | 1.3.1 | cpe:2.3:a:mysql:eventum:1.3.1:*:*:*:*:*:*:* |
mysql | eventum | 1.4 | cpe:2.3:a:mysql:eventum:1.4:*:*:*:*:*:*:* |
mysql | eventum | 1.5.4 | cpe:2.3:a:mysql:eventum:1.5.4:*:*:*:*:*:*:* |
mysql | eventum | 1.5.5 | cpe:2.3:a:mysql:eventum:1.5.5:*:*:*:*:*:*:* |
lists.mysql.com/eventum-users/2072
marc.info/?l=bugtraq&m=112292193807958&w=2
secunia.com/advisories/16304
securitytracker.com/id?1014603
www.gulftech.org/?node=research&article_id=00093-07312005
www.osvdb.org/18403
www.osvdb.org/18404
www.osvdb.org/18405
www.osvdb.org/18406
www.securityfocus.com/bid/14437
www.vupen.com/english/advisories/2005/1287