Lucene search

[email protected]CVE-2005-2323

HistoryJul 19, 2005 - 4:00 a.m.

CVE-2005-2323

2005-07-1904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2323

sql injection

class-1 forum

clever copy

remote attack

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.

CPENameOperatorVersion
class-1:class-1_forumclass-1 class-1 forumeq0.23.2
clever_copy:clever_copyclever copyeq*
class-1:class-1_forumclass-1 class-1 forumeq0.24.4

CPE	Name	Operator	Version
class-1:class-1_forum	class-1 class-1 forum	eq	0.23.2
clever_copy:clever_copy	clever copy	eq	*
class-1:class-1_forum	class-1 class-1 forum	eq	0.24.4

References

lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html

secunia.com/advisories/16078

securitytracker.com/id?1014485

securitytracker.com/id?1014486

www.osvdb.org/17921

www.osvdb.org/17922

www.osvdb.org/17923

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON