Vulnerability CVE-2005-3868
Published: 2005-11-29   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Turn-k -> K-search 

 References:
http://www.vupen.com/english/advisories/2005/2616
http://www.securityfocus.com/bid/15588
http://www.exploit-db.com/exploits/13993
http://secunia.com/advisories/17719
http://www.osvdb.org/21127
http://pridels0.blogspot.com/2005/11/k-search-multiple-vuln.html
Copyright 2024, cxsecurity.com

 

Back to Top