Lucene search

[email protected]CVE-2005-2415

HistoryAug 03, 2005 - 4:00 a.m.

CVE-2005-2415

2005-08-0304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2415

sql injection

contrexx

security vulnerability

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module.

CPENameOperatorVersion
astalavista_it_engineering:contrexxastalavista it engineering contrexxle1.0.4

CPE	Name	Operator	Version
astalavista_it_engineering:contrexx	astalavista it engineering contrexx	le	1.0.4

References

marc.info/?l=bugtraq&m=112206702015439&w=2

secunia.com/advisories/16169

securitytracker.com/id?1014554

www.hardened-php.net/advisory_112005.59.html

www.osvdb.org/18166

www.osvdb.org/18167

www.securityfocus.com/bid/14352

exchange.xforce.ibmcloud.com/vulnerabilities/21482

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON