Lucene search

[email protected]CVE-2005-3816

HistoryNov 26, 2005 - 2:03 a.m.

CVE-2005-3816

2005-11-2602:03:00

[email protected]

web.nvd.nist.gov

sql injection

forum.php

freeforum 1.1

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.5%

JSON

Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.

Affected configurations

NVD

Node

zoneo-softfreeforumRange≤1.1

CPENameOperatorVersion
zoneo-soft:freeforumzoneo-soft freeforumle1.1

CPE	Name	Operator	Version
zoneo-soft:freeforum	zoneo-soft freeforum	le	1.1

References

pridels0.blogspot.com/2005/11/freeforum-1x-cat-and-thread-sql-inj.html

secunia.com/advisories/17720

securitytracker.com/id?1015269

www.osvdb.org/21086

www.securityfocus.com/bid/15559

www.vupen.com/english/advisories/2005/2571

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2005-3816

nvd1 cvelist1