Lucene search

MitreCVE-2005-3646

HistoryNov 17, 2005 - 11:02 a.m.

CVE-2005-3646

2005-11-1711:02:00

CWE-89

mitre

web.nvd.nist.gov

cve-2005-3646

sql injection

phpadsnew

phppgads

vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.018

Percentile

88.3%

JSON

Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.

Affected configurations

Nvd

Node

phpadsnewphpadsnewMatch2.0.4_pr1

phpadsnewphpadsnewMatch2.0.5

phpadsnewphpadsnewMatch2.0.6

phpadsnewphpadsnewMatch2.0.7_rc1

phpadsnewphpadsnewMatch2.0_beta5

phpadsnewphpadsnewMatch2.0_beta6

phpadsnewphpadsnewMatch2_dev_2001-09-30

phpadsnewphpadsnewMatch2_dev_2001-10-09

phppgadsphppgadsMatch2.0.6

VendorProductVersionCPE
phpadsnewphpadsnew2.0.4_pr1cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.5cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.6cpe:2.3:a:phpadsnew:phpadsnew:2.0.6:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.7_rc1cpe:2.3:a:phpadsnew:phpadsnew:2.0.7_rc1:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0_beta5cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0_beta6cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6:*:*:*:*:*:*:*
phpadsnewphpadsnew2_dev_2001-09-30cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:*:*:*:*:*:*:*
phpadsnewphpadsnew2_dev_2001-10-09cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*
phppgadsphppgads2.0.6cpe:2.3:a:phppgads:phppgads:2.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpadsnew	phpadsnew	2.0.4_pr1	cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1:::::::*
phpadsnew	phpadsnew	2.0.5	cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:::::::*
phpadsnew	phpadsnew	2.0.6	cpe:2.3:a:phpadsnew:phpadsnew:2.0.6:::::::*
phpadsnew	phpadsnew	2.0.7_rc1	cpe:2.3:a:phpadsnew:phpadsnew:2.0.7_rc1:::::::*
phpadsnew	phpadsnew	2.0_beta5	cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5:::::::*
phpadsnew	phpadsnew	2.0_beta6	cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6:::::::*
phpadsnew	phpadsnew	2_dev_2001-09-30	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:::::::*
phpadsnew	phpadsnew	2_dev_2001-10-09	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:::::::*
phppgads	phppgads	2.0.6	cpe:2.3:a:phppgads:phppgads:2.0.6:::::::*

References

marc.info/?l=bugtraq&m=113165036315035&w=2

seclists.org/lists/bugtraq/2005/Nov/0189.html

secunia.com/advisories/17464/

secunia.com/advisories/17579

securityreason.com/securityalert/171

securityreason.com/securityalert/172

securitytracker.com/id?1015193

sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942

www.fitsec.com/advisories/FS-05-01.txt

www.osvdb.org/20744

www.osvdb.org/20745

www.securityfocus.com/bid/15385/

www.vupen.com/english/advisories/2005/2380

www.zone-h.org/en/advisories/read/id=8413/

exchange.xforce.ibmcloud.com/vulnerabilities/23044

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.018

Percentile

88.3%

JSON

Related for CVE-2005-3646