CVE-2005-3423

Sažetak

Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php.

Reference

http://rst.void.ru/papers/advisory35.txt
http://secunia.com/advisories/17378
http://www.osvdb.org/20378
http://www.osvdb.org/20379
http://www.osvdb.org/20380
http://www.osvdb.org/20381
http://www.osvdb.org/20382
http://www.osvdb.org/20384
http://www.securityfocus.com/bid/15238

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 20:54

Objavljeno

01-11-2005 - 22:02