Lucene search

[email protected]CVE-2005-4159

HistoryDec 11, 2005 - 11:03 a.m.

CVE-2005-4159

2005-12-1111:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4159

sql injection

smf

memberlist.php

arbitrary execution

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an “invalid SQL syntax error.” Multiple followups support the vendor

Affected configurations

NVD

Node

simple_machinessimple_machines_forumRange≤1.1_rc1

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumle1.1_rc1

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	le	1.1_rc1

References

archives.neohapsis.com/archives/bugtraq/2005-12/0090.html

www.securityfocus.com/archive/1/419068/100/0/threaded

www.securityfocus.com/archive/1/419105/100/0/threaded

www.securityfocus.com/archive/1/419250/100/0/threaded

www.securityfocus.com/archive/1/419535/100/0/threaded

www.securityfocus.com/bid/15791

exchange.xforce.ibmcloud.com/vulnerabilities/23546

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2005-4159

cvelist1 nvd1