Lucene search

MitreCVE-2005-3952

HistoryDec 01, 2005 - 11:00 a.m.

CVE-2005-3952

2005-12-0111:00:00

CWE-89

mitre

web.nvd.nist.gov

cve-2005-3952

sql injection

php labs top auction

remote attackers

execute arbitrary sql commands

viewcat.php

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.015

Percentile

87.0%

JSON

SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.

Affected configurations

Nvd

Node

php_labstop_auctionMatch1.0

VendorProductVersionCPE
php_labstop_auction1.0cpe:2.3:a:php_labs:top_auction:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_labs	top_auction	1.0	cpe:2.3:a:php_labs:top_auction:1.0:::::::*

References

pridels0.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html

secunia.com/advisories/17687

www.osvdb.org/21105

www.osvdb.org/21106

www.securityfocus.com/archive/1/466565/100/200/threaded

www.securityfocus.com/archive/1/466569/100/200/threaded

www.securityfocus.com/bid/15547

www.vupen.com/english/advisories/2005/2552

www.exploit-db.com/exploits/3456

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.015

Percentile

87.0%

JSON

Related for CVE-2005-3952