Lucene search

MitreCVE-2005-3951

HistoryDec 01, 2005 - 11:00 a.m.

CVE-2005-3951

2005-12-0111:00:00

mitre

web.nvd.nist.gov

sql injection

vulnerability

survey.php

php labs survey wizard

remote attackers

execute arbitrary

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter.

Affected configurations

Nvd

Node

php_labssurvey_wizard

VendorProductVersionCPE
php_labssurvey_wizard*cpe:2.3:a:php_labs:survey_wizard:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_labs	survey_wizard	*	cpe:2.3:a:php_labs:survey_wizard::::::::

References

pridels0.blogspot.com/2005/11/survey-wizard-sid-sql-injection-vuln.html

secunia.com/advisories/17686

www.osvdb.org/21104

www.vupen.com/english/advisories/2005/2553

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

Related for CVE-2005-3951