Lucene search

K
cve[email protected]CVE-2005-0946
HistoryApr 03, 2005 - 5:00 a.m.

CVE-2005-0946

2005-04-0305:00:00
web.nvd.nist.gov
28
cve
2005
0946
sql injection
phpcoin
remote attackers
arbitrary commands
search page
forgot password page
ordering new package page

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.7%

SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.

Affected configurations

NVD
Node
coinsoft_technologiesphpcoinMatch1.2
OR
coinsoft_technologiesphpcoinMatch1.2.1
OR
coinsoft_technologiesphpcoinMatch1.2.1b

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.7%

Related for CVE-2005-0946