Lucene search

[email protected]CVE-2005-3199

HistoryOct 14, 2005 - 10:02 a.m.

CVE-2005-3199

2005-10-1410:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3199

sql injection

aradmin.asp

aspready faq

remote attack

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.8%

JSON

Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters.

CPENameOperatorVersion
aspready_faq_manager:aspready_faq_manageraspready faq managereq*

CPE	Name	Operator	Version
aspready_faq_manager:aspready_faq_manager	aspready faq manager	eq	*

References

marc.info/?l=bugtraq&m=112861875408315&w=2

secunia.com/advisories/17091/

securityreason.com/securityalert/52

securitytracker.com/id?1015015

www.osvdb.org/19917

www.securityfocus.com/bid/15022

exchange.xforce.ibmcloud.com/vulnerabilities/22538

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.8%

JSON