CVE-2005-2062

Sažetak

Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.

Reference

http://echo.or.id/adv/adv21-theday-2005.txt
http://marc.info/?l=bugtraq&m=111963341429906&w=2
http://www.securityfocus.com/bid/23110
http://www.vupen.com/english/advisories/2007/1096
https://exchange.xforce.ibmcloud.com/vulnerabilities/33183
https://www.exploit-db.com/exploits/3550

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2017 - 01:30

Objavljeno

29-06-2005 - 04:00