CVE-2005-3363

Sažetak

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

Reference

http://marc.info/?l=bugtraq&m=113018965520240&w=2
http://secunia.com/advisories/17308/
http://securityreason.com/securityalert/111
http://www.attrition.org/pipermail/vim/2005-October/000313.html
http://www.osvdb.org/20289
http://www.osvdb.org/20290
http://www.securityfocus.com/archive/1/430906/30/5610/threaded
http://www.securityfocus.com/archive/1/440120/100/0/threaded
http://www.securityfocus.com/archive/1/472799/100/0/threaded
http://www.securityfocus.com/bid/15185
https://exchange.xforce.ibmcloud.com/vulnerabilities/22861
https://exchange.xforce.ibmcloud.com/vulnerabilities/27746
https://www.exploit-db.com/exploits/1530

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:36

Objavljeno

30-10-2005 - 14:34