Vulnerability CVE-2005-0651
Published: 2005-05-02   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Projectbb -> Projectbb 

 References:
http://xforce.iss.net/xforce/xfdb/19557
http://www.vupen.com/english/advisories/2005/0223
http://www.securityfocus.com/bid/12710
http://securitytracker.com/id?1013332
http://secunia.com/advisories/14533
http://marc.theaimsgroup.com/?l=bugtraq&m=111031893610270&w=2
Copyright 2024, cxsecurity.com

 

Back to Top