Lucene search

[email protected]CVE-2005-3384

HistoryOct 30, 2005 - 2:34 p.m.

CVE-2005-3384

2005-10-3014:34:00

[email protected]

web.nvd.nist.gov

sql injection

techno dreams

guest book

remote attackers

arbitrary sql commands

authentication bypass

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.

Affected configurations

NVD

Node

techno_dreamstechno_dreams_guest_book

CPENameOperatorVersion
techno_dreams:techno_dreams_guest_booktechno dreams techno dreams guest bookeq*

CPE	Name	Operator	Version
techno_dreams:techno_dreams_guest_book	techno dreams techno dreams guest book	eq	*

References

marc.info/?l=bugtraq&m=113035773010381&w=2

secunia.com/advisories/17354/

www.kapda.ir/advisory-103.html

www.osvdb.org/20331

www.securityfocus.com/bid/15215

www.vupen.com/english/advisories/2005/2222

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for CVE-2005-3384

cvelist1 nvd1