Lucene search

[email protected]CVE-2005-3369

HistoryOct 30, 2005 - 2:34 p.m.

CVE-2005-3369

2005-10-3014:34:00

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

woltlab burning board

info-db module

fileid

subkatid

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.3%

JSON

Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.

Affected configurations

NVD

Node

woltlabburning_boardMatch2.4

woltlabburning_boardMatch2.5

woltlabburning_boardMatch2.6

woltlabburning_boardMatch2.7

References

marc.info/?l=bugtraq&m=113034480129309&w=2

secunia.com/advisories/17347/

securityreason.com/securityalert/119

www.osvdb.org/20330

www.securityfocus.com/bid/15214

www.vupen.com/english/advisories/2005/2224

exchange.xforce.ibmcloud.com/vulnerabilities/22887

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.3%

JSON

Related for CVE-2005-3369

cvelist1 nvd1 openvas2 nessus1