CVE-2005-4495

Sažetak

SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax

Reference

http://pridels0.blogspot.com/2005/12/spiremedia-cms-sql-inj-vuln.html
http://www.osvdb.org/22066
http://www.securityfocus.com/bid/16039
http://www.vupen.com/english/advisories/2005/3053

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-08-2024 - 00:15

Objavljeno

22-12-2005 - 11:03