Lucene search

MitreCVE-2005-1413

HistoryMay 03, 2005 - 4:00 a.m.

CVE-2005-1413

2005-05-0304:00:00

mitre

web.nvd.nist.gov

envivo!cms

sql injection

remote attack

arbitrary commands

privilege escalation

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.004

Percentile

73.8%

JSON

Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp.

Affected configurations

Nvd

Node

envivosoftenvivo_cmsMatch3.54

VendorProductVersionCPE
envivosoftenvivo_cms3.54cpe:2.3:a:envivosoft:envivo_cms:3.54:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
envivosoft	envivo_cms	3.54	cpe:2.3:a:envivosoft:envivo_cms:3.54:::::::*

References

digitalparadox.org/viewadvisories.ah?view=37

marc.info/?l=full-disclosure&m=118414271202945&w=2

secunia.com/advisories/15173

securitytracker.com/id?1013843

securityvulns.ru/Rdocument425.html

www.osvdb.org/15964

www.osvdb.org/15965

www.osvdb.org/15966

www.securityfocus.com/bid/13437

www.securityfocus.com/bid/13439

www.securityfocus.com/bid/13440

www.securityfocus.com/bid/24860

exchange.xforce.ibmcloud.com/vulnerabilities/20313

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.004

Percentile

73.8%

JSON

Related for CVE-2005-1413