Lucene search

[email protected]CVE-2005-0475

HistoryMar 30, 2005 - 5:00 a.m.

CVE-2005-0475

2005-03-3005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

pafaq

vulnerability

remote execution

nvd

8.7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON

SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.

CPENameOperatorVersion
php_arena:pafaqphp arena pafaqeqbeta4

CPE	Name	Operator	Version
php_arena:pafaq	php arena pafaq	eq	beta4

References

marc.info/?l=bugtraq&m=110868808723487&w=2

exchange.xforce.ibmcloud.com/vulnerabilities/19371

8.7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2005-0475

nessus1