Lucene search

[email protected]NVD:CVE-2005-3236

HistoryOct 14, 2005 - 10:02 a.m.

CVE-2005-3236

2005-10-1410:02:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.006

Percentile

78.3%

JSON

Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.

Affected configurations

Nvd

Node

cynoxcyphorMatch0.19

VendorProductVersionCPE
cynoxcyphor0.19cpe:2.3:a:cynox:cyphor:0.19:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cynox	cyphor	0.19	cpe:2.3:a:cynox:cyphor:0.19:::::::*

References

marc.info/?l=bugtraq&m=112879353805769&w=2

secunia.com/advisories/17104/

securityreason.com/securityalert/70

securitytracker.com/id?1015020

www.osvdb.org/19943

www.osvdb.org/19944

www.osvdb.org/19945

www.securityfocus.com/bid/15047

exchange.xforce.ibmcloud.com/vulnerabilities/22552

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.006

Percentile

78.3%

JSON

Related for NVD:CVE-2005-3236

exploitdb2 cve1 cvelist1