Lucene search

MitreCVE-2005-4027

HistoryDec 05, 2005 - 11:03 a.m.

CVE-2005-4027

2005-12-0511:03:00

CWE-89

mitre

web.nvd.nist.gov

cve-2005-4027

sql injection

simplebbs 1.1

remote attackers

arbitrary commands

search module parameters

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.003

Percentile

65.3%

JSON

SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.

Affected configurations

Nvd

Node

simplemediasimplebbsMatch1.1

VendorProductVersionCPE
simplemediasimplebbs1.1cpe:2.3:a:simplemedia:simplebbs:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
simplemedia	simplebbs	1.1	cpe:2.3:a:simplemedia:simplebbs:1.1:::::::*

References

pridels0.blogspot.com/2005/11/simplebbs-v11-sql-inj-vuln.html

www.osvdb.org/21399

www.securityfocus.com/bid/15594

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.003

Percentile

65.3%

JSON

Related for CVE-2005-4027