Lucene search

[email protected]CVE-2005-2675

HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-2675

2005-08-2304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2675

sql injection

ldu 800

remote attackers

arbitrary sql commands

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.8%

JSON

Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

CPENameOperatorVersion
neocrome:land_down_underneocrome land down undereq800

CPE	Name	Operator	Version
neocrome:land_down_under	neocrome land down under	eq	800

References

marc.info/?l=bugtraq&m=112456235729717&w=2

securitytracker.com/id?1014747

www.neocrome.net

www.securityfocus.com/bid/14618

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVE-2005-2675

cvelist1 nessus2 openvas2