Lucene search
HistoryNov 29, 2005 - 11:03 a.m.
CVE-2005-3868
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
Low
EPSS
0.006
Percentile
78.6%
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.
Affected configurations
Node
turn-kk-searchRange≤1.0
Related
cve
cve
CVE-2005-3868
2005-11-29 11:03:00
exploitdb
exploitdb
K-Search 1.0 - SQL Injection
2005-11-28 00:00:00
K-Search - SQL Injection / Cross-Site Scripting
2010-06-22 00:00:00
cvelist
cvelist
CVE-2005-3868
2005-11-29 11:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
Low
EPSS
0.006
Percentile
78.6%
Related for NVD:CVE-2005-3868