Lucene search

[email protected]CVE-2005-2838

HistorySep 07, 2005 - 8:03 p.m.

CVE-2005-2838

2005-09-0720:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2838

sql injection

mybloggie

remote attackers

security vulnerability

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

CPENameOperatorVersion
mywebland:mybloggiemywebland mybloggieeq2.1.2
mywebland:mybloggiemywebland mybloggieeq2.1.3_beta
mywebland:mybloggiemywebland mybloggieeq2.1.1

CPE	Name	Operator	Version
mywebland:mybloggie	mywebland mybloggie	eq	2.1.2
mywebland:mybloggie	mywebland mybloggie	eq	2.1.3_beta
mywebland:mybloggie	mywebland mybloggie	eq	2.1.1

References

glide.stanford.edu/yichen/research/sec.pdf

marc.info/?l=bugtraq&m=112607358831963&w=2

mywebland.com/forums/showtopic.php?t=399

secunia.com/advisories/16699

www.securityfocus.com/archive/1/419280/100/0/threaded

www.securityfocus.com/bid/14739

exchange.xforce.ibmcloud.com/vulnerabilities/22162

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2005-2838

cve2