Lucene search

[email protected]CVE-2005-1585

HistoryMay 11, 2005 - 4:00 a.m.

CVE-2005-1585

2005-05-1104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1585

quick.forum

sql injection

remote attackers

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

50.6%

JSON

Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory.

CPENameOperatorVersion
open_solution:quick.forumopen solution quick.forumeq2.1.6

CPE	Name	Operator	Version
open_solution:quick.forum	open solution quick.forum	eq	2.1.6

References

lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html

secunia.com/advisories/15200

www.osvdb.org/16326

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

50.6%

JSON