Lucene search

MitreCVE-2005-3363

HistoryOct 30, 2005 - 2:34 p.m.

CVE-2005-3363

2005-10-3014:34:00

mitre

web.nvd.nist.gov

sql injection

saphp lesson

remote attackers

nvd

cve-2005-3363

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.028

Percentile

90.7%

JSON

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

Affected configurations

Nvd

Node

saphpsaphplessonMatch1.1

saphpsaphplessonMatch2.0

VendorProductVersionCPE
saphpsaphplesson1.1cpe:2.3:a:saphp:saphplesson:1.1:*:*:*:*:*:*:*
saphpsaphplesson2.0cpe:2.3:a:saphp:saphplesson:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
saphp	saphplesson	1.1	cpe:2.3:a:saphp:saphplesson:1.1:::::::*
saphp	saphplesson	2.0	cpe:2.3:a:saphp:saphplesson:2.0:::::::*

References

marc.info/?l=bugtraq&m=113018965520240&w=2

secunia.com/advisories/17308/

securityreason.com/securityalert/111

www.attrition.org/pipermail/vim/2005-October/000313.html

www.osvdb.org/20289

www.osvdb.org/20290

www.securityfocus.com/archive/1/430906/30/5610/threaded

www.securityfocus.com/archive/1/440120/100/0/threaded

www.securityfocus.com/archive/1/472799/100/0/threaded

www.securityfocus.com/bid/15185

exchange.xforce.ibmcloud.com/vulnerabilities/22861

exchange.xforce.ibmcloud.com/vulnerabilities/27746

www.exploit-db.com/exploits/1530

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.028

Percentile

90.7%

JSON

Related for CVE-2005-3363