Lucene search

[email protected]CVE-2005-2561

HistoryAug 16, 2005 - 4:00 a.m.

CVE-2005-2561

2005-08-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2561

myfaq

sql injection

remote attackers

theme parameter

soustheme parameter

faq parameter

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3.

CPENameOperatorVersion
myfaq:myfaqmyfaqeq1.0

CPE	Name	Operator	Version
myfaq:myfaq	myfaq	eq	1.0

References

marc.info/?l=bugtraq&m=112352204602309&w=2

secunia.com/advisories/16366

svt.nukleon.us/lab/svadvisory13.txt

www.securityfocus.com/bid/14503

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON