Lucene search

[email protected]CVE-2005-2002

HistoryJun 15, 2005 - 4:00 a.m.

CVE-2005-2002

2005-06-1504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2002

sql injection

mambo 4.5.2.2

vulnerability

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.

CPENameOperatorVersion
mambo:mambomamboeq4.5.2
mambo:mambomamboeq4.5.0.2
mambo:mambomamboeq4.5.2.2
mambo:mambomamboeq4.5.1a
mambo:mambomamboeq4.5.1.3
mambo:mambomamboeq4.5_1.0.9

CPE	Name	Operator	Version
mambo:mambo	mambo	eq	4.5.2
mambo:mambo	mambo	eq	4.5.0.2
mambo:mambo	mambo	eq	4.5.2.2
mambo:mambo	mambo	eq	4.5.1a
mambo:mambo	mambo	eq	4.5.1.3
mambo:mambo	mambo	eq	4.5_1.0.9

References

mamboforge.net/frs/download.php/6153/CHANGELOG

marc.info/?l=bugtraq&m=111885974124936&w=2

secunia.com/advisories/15710

securitytracker.com/id?1014222

www.osvdb.org/17323

www.securityfocus.com/bid/13966

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2005-2002

openvas2 nessus2 freebsd1 cvelist1