Lucene search

[email protected]CVE-2005-1786

HistoryMay 25, 2005 - 4:00 a.m.

CVE-2005-1786

2005-05-2504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1786

sql injection

funkyasp ad system 1.1

remote attackers

arbitrary sql commands

privilege escalation

9.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

67.9%

JSON

SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter.

CPENameOperatorVersion
funkyasp:funkyasp_ad_systemfunkyasp funkyasp ad systemeq1.1

CPE	Name	Operator	Version
funkyasp:funkyasp_ad_system	funkyasp funkyasp ad system	eq	1.1

References

secunia.com/advisories/15494

securitytracker.com/id?1014056

www.funkyasp.co.uk/product.asp?prod=1&currency=USD

www.under9round.com/funky-asp.txt

9.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

67.9%

JSON