Lucene search

[email protected]CVE-2005-3364

HistoryOct 30, 2005 - 2:34 p.m.

CVE-2005-3364

2005-10-3014:34:00

[email protected]

web.nvd.nist.gov

cve-2005-3364

sql injection

dboardgear

remote attackers

execute arbitrary commands

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php.

Affected configurations

NVD

Node

platinumdboardgear

CPENameOperatorVersion
platinum:dboardgearplatinum dboardgeareq*

CPE	Name	Operator	Version
platinum:dboardgear	platinum dboardgear	eq	*

References

marc.info/?l=bugtraq&m=113017087231116&w=2

securityreason.com/securityalert/109

securitytracker.com/id?1015095

www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-10/0298.html

www.osvdb.org/20442

www.osvdb.org/20443

www.securityfocus.com/bid/15174

www.securityfocus.com/bid/15194

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2005-3364

nvd1 cvelist1