Lucene search

[email protected]CVE-2005-3518

HistoryNov 06, 2005 - 11:02 a.m.

CVE-2005-3518

2005-11-0611:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3518

sql injection

punbb

remote attackers

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.9%

JSON

SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter.

CPENameOperatorVersion
punbb:punbbpunbbeq1.2.7
punbb:punbbpunbbeq1.2.8

CPE	Name	Operator	Version
punbb:punbb	punbb	eq	1.2.7
punbb:punbb	punbb	eq	1.2.8

References

marc.info/?l=bugtraq&m=112939699128430&w=2

secunia.com/advisories/17227/

securityreason.com/securityalert/87

www.kapda.ir/advisory-91.html

www.osvdb.org/20018

www.punbb.org/changelogs/1.2.8_to_1.2.9.txt

www.securityfocus.net/bid/15114/

exchange.xforce.ibmcloud.com/vulnerabilities/22760

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for CVE-2005-3518

nessus1 cvelist1