Lucene search

[email protected]CVE-2005-2478

HistoryAug 05, 2005 - 4:00 a.m.

CVE-2005-2478

2005-08-0504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

silvernews 2.0.3

remote attackers

arbitrary sql commands

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.1%

JSON

SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel.

CPENameOperatorVersion
silver-scripts:silvernewssilver-scripts silvernewseq2.0.3

CPE	Name	Operator	Version
silver-scripts:silvernews	silver-scripts silvernews	eq	2.0.3

References

marc.info/?l=bugtraq&m=112309780321088&w=2

secunia.com/advisories/16315

securitytracker.com/id?1014622

www.osvdb.org/18517

www.rgod.altervista.org/silvernews.html

www.securityfocus.com/bid/14466

exchange.xforce.ibmcloud.com/vulnerabilities/21688

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.1%

JSON

Related for CVE-2005-2478

nessus1