Lucene search

[email protected]CVE-2005-3509

HistoryNov 06, 2005 - 11:02 a.m.

CVE-2005-3509

2005-11-0611:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

jportal

sql injection

security

vulnerability

remote execution

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.0%

JSON

Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php.

CPENameOperatorVersion
jportal:jportal_web_portaljportal jportal web portaleq2.2.1
jportal:jportal_web_portaljportal jportal web portaleq2.3.1

CPE	Name	Operator	Version
jportal:jportal_web_portal	jportal jportal web portal	eq	2.2.1
jportal:jportal_web_portal	jportal jportal web portal	eq	2.3.1

References

foro.elhacker.net/index.php?topic=93436.0

www.security.nnov.ru/Kdocument105.html

www.securityfocus.com/bid/15324

www.vupen.com/english/advisories/2005/2310

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2005-3509

prion1 cve1