Lucene search

[email protected]CVE-2005-2009

HistoryJun 20, 2005 - 4:00 a.m.

CVE-2005-2009

2005-06-2004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

ublog reload 1.0.5

security vulnerability

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.

CPENameOperatorVersion
ublog:reloadublog reloadeq1.0.5

CPE	Name	Operator	Version
ublog:reload	ublog reload	eq	1.0.5

References

echo.or.id/adv/adv18-theday-2005.txt

marc.info/?l=bugtraq&m=111928552304897&w=2

www.vupen.com/english/advisories/2005/0818

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON