Lucene search
HistoryOct 06, 2005 - 10:02 a.m.
CVE-2005-3158
cve-2005-3158
sql injection
php-fusion
remote attackers
arbitrary commands
8.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.0%
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php_fusion:php_fusion | php fusion | eq | 6.00.106 |
| php_fusion:php_fusion | php fusion | eq | 6.00.107 |
Related
cve
cve
prion
prion
Sql injection
2008-12-05 01:30:00
nessus
nessus
PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection
2005-10-12 00:00:00
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
2005-07-29 00:00:00
openvas
openvas
PHP-Fusion < 6.00.110 Multiple SQL Injection Vulnerabilities
2006-03-26 00:00:00
8.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.0%
Related for CVE-2005-3158