Lucene search

[email protected]CVE-2005-3394

HistoryNov 01, 2005 - 12:47 p.m.

CVE-2005-3394

2005-11-0112:47:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

forum.php

oaboard forum 1.0

cve-2005-3394

security vulnerability

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module.

CPENameOperatorVersion
oaboard:oaboardoaboardeq1.0

CPE	Name	Operator	Version
oaboard:oaboard	oaboard	eq	1.0

References

secunia.com/advisories/17373

www.osvdb.org/20420

www.securityfocus.com/archive/1/415299

www.securityfocus.com/bid/15245

www.vupen.com/english/advisories/2005/2258

exchange.xforce.ibmcloud.com/vulnerabilities/22932

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON