Vulnerability CVE-2005-3939


Published: 2005-12-01   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks parameters in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Wsn knowledge base -> Wsn knowledge base 

References:
http://www.securityfocus.com/bid/15656
http://secunia.com/advisories/17810
http://www.osvdb.org/21264
http://www.osvdb.org/21263
http://www.osvdb.org/21262
http://pridels0.blogspot.com/2005/11/wsn-knowledge-base-sql-inj-vuln.html

Copyright 2024, cxsecurity.com

 
