Lucene search

[email protected]CVE-2005-2692

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-2692

2022-10-0316:22:49

[email protected]

web.nvd.nist.gov

cve

sql injection

runcms

vulnerability

remote execution

arbitrary commands

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

48.5%

JSON

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module.

Affected configurations

NVD

Node

runcmsruncmsMatch1.1

runcmsruncmsMatch1.1a

runcmsruncmsMatch1.2

CPENameOperatorVersion
runcms:runcmsruncmseq1.1
runcms:runcmsruncmseq1.1a
runcms:runcmsruncmseq1.2

CPE	Name	Operator	Version
runcms:runcms	runcms	eq	1.1
runcms:runcms	runcms	eq	1.1a
runcms:runcms	runcms	eq	1.2

References

secunia.com/advisories/16514

www.gulftech.org/?node=research&article_id=00094-08192005

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for CVE-2005-2692

cvelist1 nvd1 nessus1