Lucene search

[email protected]CVE-2005-0617

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0617

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-0617

sql injection

postnuke

remote attackers

security vulnerability

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.4%

JSON

SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.

CPENameOperatorVersion
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.760_rc2
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.750

CPE	Name	Operator	Version
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.760_rc2
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.750

References

marc.info/?l=bugtraq&m=110962710805864&w=2

news.postnuke.com/Article2669.html

securitytracker.com/id?1013324

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for CVE-2005-0617

openvas2 nessus2 freebsd1