Lucene search

[email protected]CVE-2005-3408

HistoryNov 01, 2005 - 12:47 p.m.

CVE-2005-3408

2005-11-0112:47:00

[email protected]

web.nvd.nist.gov

cve-2005-3408

sql injection

gcards 1.43

news.php

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter.

Affected configurations

NVD

Node

greg_neustaettergcardsMatch1.43

CPENameOperatorVersion
greg_neustaetter:gcardsgreg neustaetter gcardseq1.43

CPE	Name	Operator	Version
greg_neustaetter:gcards	greg neustaetter gcards	eq	1.43

References

secunia.com/advisories/17353

securitytracker.com/id?1015106

www.fr33d0m.net/content-1783.html

www.osvdb.org/20329

www.securityfocus.com/bid/15216

www.vupen.com/english/advisories/2005/2223

exchange.xforce.ibmcloud.com/vulnerabilities/22884

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2005-3408

cvelist1 nvd1