Lucene search

[email protected]CVE-2005-1972

HistoryJun 13, 2005 - 4:00 a.m.

CVE-2005-1972

2005-06-1304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

interactivephp

fusionbb

nvd

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.6%

JSON

Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 Beta and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username, which is not properly handled by the insertUser function, or (2) the bb_session_id value in a cookie.

CPENameOperatorVersion
interactivephp:fusionbbinteractivephp fusionbbeq11_beta

CPE	Name	Operator	Version
interactivephp:fusionbb	interactivephp fusionbb	eq	11_beta

References

www.gulftech.org/?node=research&article_id=00081-06132005

www.interactivephp.com/misc/CHANGELOG.html

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.6%

JSON