Lucene search

[email protected]CVE-2005-0882

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0882

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

birdblog

admincore.php

vulnerability

remote execution

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON

SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters.

CPENameOperatorVersion
birdblog:birdblogbirdblogeq1.1.0
birdblog:birdblogbirdblogeq1.0.0

CPE	Name	Operator	Version
birdblog:birdblog	birdblog	eq	1.1.0
birdblog:birdblog	birdblog	eq	1.0.0

References

birdblog.sourceforge.net/ChangeLog

cvs.sourceforge.net/viewcvs.py/birdblog/birdblog/admin/admincore.php?r1=1.4&r2=1.5

secunia.com/advisories/14676

securitytracker.com/id?1013548

www.securityfocus.com/bid/12880

exchange.xforce.ibmcloud.com/vulnerabilities/19799

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for CVE-2005-0882

cvelist1