Lucene search

[email protected]CVE-2005-2461

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-2461

2005-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

kayako

liveresponse

calendar

cve-2005-2461

nvd

8.8 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.011 Low

EPSS

Percentile

84.5%

JSON

Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.

CPENameOperatorVersion
kayako:liveresponsekayako liveresponseeq2.0

CPE	Name	Operator	Version
kayako:liveresponse	kayako liveresponse	eq	2.0

References

marc.info/?l=bugtraq&m=112274359718863&w=2

secunia.com/advisories/16286

www.gulftech.org/?node=research&article_id=00092-07302005

www.osvdb.org/18396

www.securityfocus.com/bid/14425

8.8 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2005-2461

nessus1