Lucene search

MitreCVE-2005-4232

HistoryDec 14, 2005 - 11:03 a.m.

CVE-2005-4232

2005-12-1411:03:00

CWE-89

mitre

web.nvd.nist.gov

cve-2005-4232

sql injection

jamit job board

index.php

remote code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.005

Percentile

76.6%

JSON

SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying “The vulnerability is without any basis and did not actually work.” CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection

Affected configurations

Nvd

Node

jamitjamit_job_boardRange≤2.4.1

VendorProductVersionCPE
jamitjamit_job_board*cpe:2.3:a:jamit:jamit_job_board:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jamit	jamit_job_board	*	cpe:2.3:a:jamit:jamit_job_board::::::::

References

pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html

secunia.com/advisories/18007

www.attrition.org/pipermail/vim/2006-August/000972.html

www.osvdb.org/21687

www.securityfocus.com/bid/15848

www.vupen.com/english/advisories/2005/2879

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.005

Percentile

76.6%

JSON

Related for CVE-2005-4232