AI Score: 9.5 High (Confidence: Low)
CVSS2: 6.4 Medium (AV:N/AC:L/Au:N/C:P/I:P/A:N)
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: NONE
EPSS: 0.009 Low (Percentile: 82.9%)

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
lists.mysql.com/eventum-users/2072
marc.info/?l=bugtraq&m=112292193807958&w=2
secunia.com/advisories/16304
securitytracker.com/id?1014603
www.gulftech.org/?node=research&article_id=00093-07312005
www.osvdb.org/18403
www.osvdb.org/18404
www.osvdb.org/18405
www.osvdb.org/18406
www.securityfocus.com/bid/14437
www.vupen.com/english/advisories/2005/1287