Lucene search

[email protected]CVE-2005-0946

HistoryApr 03, 2005 - 5:00 a.m.

CVE-2005-0946

2005-04-0305:00:00

[email protected]

web.nvd.nist.gov

cve

2005

0946

sql injection

phpcoin

remote attackers

arbitrary commands

search page

forgot password page

ordering new package page

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.7%

JSON

SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.

Affected configurations

NVD

Node

coinsoft_technologiesphpcoinMatch1.2

coinsoft_technologiesphpcoinMatch1.2.1

coinsoft_technologiesphpcoinMatch1.2.1b

CPENameOperatorVersion
coinsoft_technologies:phpcoincoinsoft technologies phpcoineq1.2
coinsoft_technologies:phpcoincoinsoft technologies phpcoineq1.2.1
coinsoft_technologies:phpcoincoinsoft technologies phpcoineq1.2.1b

CPE	Name	Operator	Version
coinsoft_technologies:phpcoin	coinsoft technologies phpcoin	eq	1.2
coinsoft_technologies:phpcoin	coinsoft technologies phpcoin	eq	1.2.1
coinsoft_technologies:phpcoin	coinsoft technologies phpcoin	eq	1.2.1b

References

marc.info/?l=bugtraq&m=111214190111520&w=2

www.gulftech.org/?node=research&article_id=00065-03292005

www.securityfocus.com/bid/12917

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for CVE-2005-0946

nvd1 cvelist1 nessus1