Lucene search

[email protected]CVE-2005-3497

HistoryNov 04, 2005 - 12:02 a.m.

CVE-2005-3497

2005-11-0400:02:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2005-3497

sql injection

php handicapper

process_signup.php

remote attackers

arbitrary sql commands

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.7%

JSON

SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying “this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software.” However, followup investigation strongly suggests that the original report is correct

CPENameOperatorVersion
phphandicapper:php_handicapperphphandicapper php handicappereq*

CPE	Name	Operator	Version
phphandicapper:php_handicapper	phphandicapper php handicapper	eq	*

References

secunia.com/advisories/17412

www.osvdb.org/20481

www.securityfocus.com/bid/15298

www.vupen.com/english/advisories/2005/2292

www.zone-h.org/advisories/read/id=8360

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.7%

JSON

Related for CVE-2005-3497

cve2