Lucene search

K
cve[email protected]CVE-2005-0946
HistoryApr 03, 2005 - 5:00 a.m.

CVE-2005-0946

2005-04-0305:00:00
web.nvd.nist.gov
28
cve
2005
0946
sql injection
phpcoin
remote attackers
arbitrary commands
search page
forgot password page
ordering new package page

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.

Affected configurations

NVD
Node
coinsoft_technologiesphpcoinMatch1.2
OR
coinsoft_technologiesphpcoinMatch1.2.1
OR
coinsoft_technologiesphpcoinMatch1.2.1b

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

Related for CVE-2005-0946