Lucene search

[email protected]CVE-2005-2574

HistoryAug 16, 2005 - 4:00 a.m.

CVE-2005-2574

2005-08-1604:00:00

[email protected]

web.nvd.nist.gov

xmb

php

xmb forum

security vulnerability

cve-2005-2574

nvd

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].

Affected configurations

NVD

Node

xmb_forumxmbMatch1.9.1

CPENameOperatorVersion
xmb_forum:xmbxmb forum xmbeq1.9.1

CPE	Name	Operator	Version
xmb_forum:xmb	xmb forum xmb	eq	1.9.1

References

forums.xmbforum.com/viewthread.php?tid=754523

marc.info/?l=bugtraq&m=112361545228809&w=2

docs.xmbforum2.com/index.php?title=Security_Issue_History

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2005-2574

cvelist1 nvd1 nessus1