Lucene search

[email protected]CVE-2005-1287

HistoryApr 26, 2005 - 4:00 a.m.

CVE-2005-1287

2005-04-2604:00:00

[email protected]

web.nvd.nist.gov

sql injection

bk forum 4.0

remote attackers

arbitrary commands

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.

Affected configurations

NVD

Node

bk_devbk_forumRange≤4

CPENameOperatorVersion
bk_dev:bk_forumbk dev bk forumle4

CPE	Name	Operator	Version
bk_dev:bk_forum	bk dev bk forum	le	4

References

marc.info/?l=bugtraq&m=111428133317901&w=2

secunia.com/advisories/15072

securitytracker.com/id?1013793

www.digitalparadox.org/advisories/bkdev.txt

www.osvdb.org/15784

www.osvdb.org/15785

www.osvdb.org/15786

www.securityfocus.com/archive/1/431659/100/0/threaded

www.securityfocus.com/archive/1/431863/100/0/threaded

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2005-1287

cvelist1 nvd1