Lucene search

[email protected]CVE-2005-1647

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-1647

2022-10-0316:22:43

[email protected]

web.nvd.nist.gov

gurgens

gasoft

guest book

data storage

access control

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.

Affected configurations

NVD

Node

gurgensgurgens_guest_bookMatch2.1

CPENameOperatorVersion
gurgens:gurgens_guest_bookgurgens gurgens guest bookeq2.1

CPE	Name	Operator	Version
gurgens:gurgens_guest_book	gurgens gurgens guest book	eq	2.1

References

archives.neohapsis.com/archives/fulldisclosure/2005-05/0351.html

secunia.com/advisories/15373

securitytracker.com/id?1013976

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2005-1647

nvd1 cvelist1