Lucene search

[email protected]CVE-2005-3555

HistoryNov 16, 2005 - 7:42 a.m.

CVE-2005-3555

2005-11-1607:42:00

[email protected]

web.nvd.nist.gov

cve-2005-3555

sql injection

phplist

vulnerability

admin privileges

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.

Affected configurations

NVD

Node

tincanphplistRange≤2.10.1

CPENameOperatorVersion
tincan:phplisttincan phplistle2.10.1

CPE	Name	Operator	Version
tincan:phplist	tincan phplist	le	2.10.1

References

osvdb.org/20567

osvdb.org/20568

secunia.com/advisories/17476

www.securityfocus.com/archive/1/416005/30/0/threaded

www.securityfocus.com/bid/15350

www.trapkit.de/advisories/TKADV2005-11-001.txt

www.vupen.com/english/advisories/2005/2345

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2005-3555

cvelist1 nvd1