CVE-2005-3968

Sažetak

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.

Reference

http://rgod.altervista.org/phpx_359_xpl.html
http://secunia.com/advisories/17858
http://securitytracker.com/id?1015300
http://www.osvdb.org/21384
http://www.phpx.org/news.php?news_id=139
http://www.securityfocus.com/archive/1/418253/100/0/threaded
http://www.securityfocus.com/bid/15680
http://www.vupen.com/english/advisories/2005/2696
https://exchange.xforce.ibmcloud.com/vulnerabilities/23459

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:39

Objavljeno

03-12-2005 - 19:03