Vulnerability CVE-2005-3363


Published: 2005-10-30   Modified: 2012-02-12

Description:
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

See advisories in our WLB2 database:
Topic: [Low] SQL saphp Lesson
Author: almaster
Date: 25.10.2005

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Saphp -> Saphplesson

References:
http://marc.info/?l=bugtraq&m=113018965520240&w=2
http://securityreason.com/securityalert/111
http://www.attrition.org/pipermail/vim/2005-October/000313.html
http://www.securityfocus.com/archive/1/430906/30/5610/threaded
http://www.securityfocus.com/archive/1/440120/100/0/threaded
http://www.securityfocus.com/archive/1/472799/100/0/threaded
http://www.securityfocus.com/bid/15185
https://exchange.xforce.ibmcloud.com/vulnerabilities/22861
https://exchange.xforce.ibmcloud.com/vulnerabilities/27746
https://www.exploit-db.com/exploits/1530

Copyright 2024, cxsecurity.com

 
