Lucene search

[email protected]CVE-2005-3259

HistoryOct 20, 2005 - 10:02 a.m.

CVE-2005-3259

2005-10-2010:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3259

sql injection

vbb

versatilebulletinboard

authentication bypass

remote attack

nvd

security vulnerability

web application

9.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.5%

JSON

Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) “search this thread” feature, (3) “search for posts” feature, (4) “forgot password” feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php.

CPENameOperatorVersion
versatilebulletinboard:versatilebulletinboardversatilebulletinboardeq1.0.0.rc2

CPE	Name	Operator	Version
versatilebulletinboard:versatilebulletinboard	versatilebulletinboard	eq	1.0.0.rc2

References

marc.info/?l=bugtraq&m=112907535528616&w=2

rgod.altervista.org/versatile100RC2.html

secunia.com/advisories/17174/

www.osvdb.org/19962

www.osvdb.org/19963

www.osvdb.org/19964

www.osvdb.org/19965

www.osvdb.org/19966

www.osvdb.org/19967

www.osvdb.org/19968

www.securityfocus.com/bid/15068

9.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.5%

JSON