Lucene search

[email protected]CVE-2005-3363

HistoryOct 30, 2005 - 2:34 p.m.

CVE-2005-3363

2005-10-3014:34:00

[email protected]

web.nvd.nist.gov

sql injection

saphp lesson

remote attackers

nvd

cve-2005-3363

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.8%

JSON

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

Affected configurations

NVD

Node

saphpsaphplessonMatch1.1

saphpsaphplessonMatch2.0

CPENameOperatorVersion
saphp:saphplessonsaphp saphplessoneq1.1
saphp:saphplessonsaphp saphplessoneq2.0

CPE	Name	Operator	Version
saphp:saphplesson	saphp saphplesson	eq	1.1
saphp:saphplesson	saphp saphplesson	eq	2.0

References

marc.info/?l=bugtraq&m=113018965520240&w=2

secunia.com/advisories/17308/

securityreason.com/securityalert/111

www.attrition.org/pipermail/vim/2005-October/000313.html

www.osvdb.org/20289

www.osvdb.org/20290

www.securityfocus.com/archive/1/430906/30/5610/threaded

www.securityfocus.com/archive/1/440120/100/0/threaded

www.securityfocus.com/archive/1/472799/100/0/threaded

www.securityfocus.com/bid/15185

exchange.xforce.ibmcloud.com/vulnerabilities/22861

exchange.xforce.ibmcloud.com/vulnerabilities/27746

www.exploit-db.com/exploits/1530

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2005-3363

nvd1 cvelist1