Lucene search

[email protected]CVE-2005-0292

HistoryFeb 10, 2005 - 5:00 a.m.

CVE-2005-0292

2005-02-1005:00:00

[email protected]

web.nvd.nist.gov

php

gift registry

sql injection

vulnerability

remote attackers

nvd

cve-2005-0292

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.1 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.4%

JSON

Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.

Affected configurations

NVD

Node

php_gift_registryphpgiftregMatch1.4

CPENameOperatorVersion
php_gift_registry:phpgiftregphp gift registry phpgiftregeq1.4

CPE	Name	Operator	Version
php_gift_registry:phpgiftreg	php gift registry phpgiftreg	eq	1.4

References

lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html

marc.info/?l=bugtraq&m=110599710017066&w=2

secunia.com/advisories/13873

securitytracker.com/id?1012910

www.securityfocus.com/archive/1/392485

www.securityfocus.com/bid/12289

exchange.xforce.ibmcloud.com/vulnerabilities/18925

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.1 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2005-0292

cvelist1 nvd1