Lucene search

[email protected]NVD:CVE-2005-1287

HistoryApr 23, 2005 - 4:00 a.m.

CVE-2005-1287

2005-04-2304:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.

Affected configurations

Nvd

Node

bk_devbk_forumRange≤4

VendorProductVersionCPE
bk_devbk_forum*cpe:2.3:a:bk_dev:bk_forum:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bk_dev	bk_forum	*	cpe:2.3:a:bk_dev:bk_forum::::::::

References

marc.info/?l=bugtraq&m=111428133317901&w=2

secunia.com/advisories/15072

securitytracker.com/id?1013793

www.digitalparadox.org/advisories/bkdev.txt

www.osvdb.org/15784

www.osvdb.org/15785

www.osvdb.org/15786

www.securityfocus.com/archive/1/431659/100/0/threaded

www.securityfocus.com/archive/1/431863/100/0/threaded

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

Related for NVD:CVE-2005-1287

cvelist1 cve1 exploitdb1