Lucene search

[email protected]CVE-2005-3309

HistoryOct 26, 2005 - 1:02 a.m.

CVE-2005-3309

2005-10-2601:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

zomplog

sql injection

vulnerability

remote attackers

arbitrary commands

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.3%

JSON

Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php.

CPENameOperatorVersion
zomplog:zomplogzomplogeq3.4

CPE	Name	Operator	Version
zomplog:zomplog	zomplog	eq	3.4

References

secunia.com/advisories/17306/

securitytracker.com/alerts/2005/Oct/1015088.html

www.osvdb.org/20250

www.osvdb.org/20251

www.osvdb.org/20252

exchange.xforce.ibmcloud.com/vulnerabilities/22827

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.3%

JSON