Lucene search

[email protected]CVE-2005-1384

HistoryMay 03, 2005 - 4:00 a.m.

CVE-2005-1384

2005-05-0304:00:00

[email protected]

web.nvd.nist.gov

cve-2005-1384

sql injection

phpcoin 1.2.2

remote attackers

security vulnerability

nvd

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.

Affected configurations

NVD

Node

coinsoft_technologiesphpcoinMatch1.2

coinsoft_technologiesphpcoinMatch1.2.1

coinsoft_technologiesphpcoinMatch1.2.1b

CPENameOperatorVersion
coinsoft_technologies:phpcoincoinsoft technologies phpcoineq1.2
coinsoft_technologies:phpcoincoinsoft technologies phpcoineq1.2.1
coinsoft_technologies:phpcoincoinsoft technologies phpcoineq1.2.1b

CPE	Name	Operator	Version
coinsoft_technologies:phpcoin	coinsoft technologies phpcoin	eq	1.2
coinsoft_technologies:phpcoin	coinsoft technologies phpcoin	eq	1.2.1
coinsoft_technologies:phpcoin	coinsoft technologies phpcoin	eq	1.2.1b

References

digitalparadox.org/viewadvisories.ah?view=36

marc.info/?l=bugtraq&m=111473522804665&w=2

pridels0.blogspot.com/2006/03/phpcoin-poc.html

securitytracker.com/id?1013834

www.securityfocus.com/bid/13433

www.vupen.com/english/advisories/2005/0423

exchange.xforce.ibmcloud.com/vulnerabilities/20308

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2005-1384

nvd1 nessus1 cvelist1