Lucene search
MitreCVE-2005-4135HistoryDec 09, 2005 - 3:03 p.m.
CVE-2005-4135
2005-12-0915:03:00
mitre
web.nvd.nist.gov
31
cve-2005-4135
code injection
simplebbs
security vulnerability
remote execution
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8
Confidence
High
EPSS
0.043
Percentile
92.4%
Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.
Affected configurations
Node
simplemediasimplebbsMatch1.0.6
ORsimplemediasimplebbsMatch1.0.7
ORsimplemediasimplebbsMatch1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| simplemedia | simplebbs | 1.0.6 | cpe:2.3:a:simplemedia:simplebbs:1.0.6:*:*:*:*:*:*:* |
| simplemedia | simplebbs | 1.0.7 | cpe:2.3:a:simplemedia:simplebbs:1.0.7:*:*:*:*:*:*:* |
| simplemedia | simplebbs | 1.1 | cpe:2.3:a:simplemedia:simplebbs:1.1:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
SimpleBBS 1.1 - Remote Command Execution
2005-12-07 00:00:00
cvelist
cvelist
CVE-2005-4135
2005-12-09 15:00:00
nessus
nessus
SimpleBBS topics.php name Parameter Arbitrary Command Execution
2005-12-14 00:00:00
nvd
nvd
CVE-2005-4135
2005-12-09 15:03:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8
Confidence
High
EPSS
0.043
Percentile
92.4%
Related for CVE-2005-4135