Lucene search

MitreCVE-2005-3682

HistoryNov 18, 2005 - 11:03 p.m.

CVE-2005-3682

2005-11-1823:03:00

mitre

web.nvd.nist.gov

cve-2005-3682

sql injection

wizz forum

security vulnerability

remote attack

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.012

Percentile

85.3%

JSON

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

Affected configurations

Nvd

Node

wizz_forumwizz_forumMatch1.20

VendorProductVersionCPE
wizz_forumwizz_forum1.20cpe:2.3:a:wizz_forum:wizz_forum:1.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wizz_forum	wizz_forum	1.20	cpe:2.3:a:wizz_forum:wizz_forum:1.20:::::::*

References

marc.info/?l=bugtraq&m=113201564319843&w=2

secunia.com/advisories/17548/

securityreason.com/securityalert/181

www.osvdb.org/20845

www.osvdb.org/20846

www.osvdb.org/20847

www.securityfocus.com/bid/15410/references

www.vupen.com/english/advisories/2005/2421

exchange.xforce.ibmcloud.com/vulnerabilities/23170

exchange.xforce.ibmcloud.com/vulnerabilities/23171

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.012

Percentile

85.3%

JSON

Related for CVE-2005-3682