Lucene search

MitreCVE-2005-2675

HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-2675

2005-08-2304:00:00

mitre

web.nvd.nist.gov

cve-2005-2675

sql injection

ldu 800

remote attackers

arbitrary sql commands

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.002

Percentile

61.3%

JSON

Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

Affected configurations

Nvd

Node

neocromeland_down_underMatch800

VendorProductVersionCPE
neocromeland_down_under800cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
neocrome	land_down_under	800	cpe:2.3:a:neocrome:land_down_under:800:::::::*

References

marc.info/?l=bugtraq&m=112456235729717&w=2

securitytracker.com/id?1014747

www.neocrome.net

www.securityfocus.com/bid/14618

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.002

Percentile

61.3%

JSON

Related for CVE-2005-2675