Lucene search

K
cve[email protected]CVE-2005-0474
HistoryMar 30, 2005 - 5:00 a.m.

CVE-2005-0474

2005-03-3005:00:00
NVD-CWE-Other
web.nvd.nist.gov
18
cve-2005-0474
sql injection
webcalendar
user.php
nvd

8.6 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.011 Low

EPSS

Percentile

83.7%

SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.

8.6 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.011 Low

EPSS

Percentile

83.7%

Related for CVE-2005-0474