Lucene search

[email protected]CVE-2005-2062

HistoryJun 29, 2005 - 4:00 a.m.

CVE-2005-2062

2005-06-2904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

2062

activebuyandsell

sql injection

remote attackers

arbitrary sql commands

catid parameter

admin.asp

buyer.asp

search.asp

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.3%

JSON

Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.

CPENameOperatorVersion
active_web_softwares:activebuyandsellactive web softwares activebuyandselleq6.2

CPE	Name	Operator	Version
active_web_softwares:activebuyandsell	active web softwares activebuyandsell	eq	6.2

References

echo.or.id/adv/adv21-theday-2005.txt

marc.info/?l=bugtraq&m=111963341429906&w=2

www.securityfocus.com/bid/23110

www.vupen.com/english/advisories/2007/1096

exchange.xforce.ibmcloud.com/vulnerabilities/33183

www.exploit-db.com/exploits/3550

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.3%

JSON