Lucene search

[email protected]CVE-2005-3686

HistoryNov 19, 2005 - 1:03 a.m.

CVE-2005-3686

2005-11-1901:03:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2005-3686

sql injection

unclassified newsboard

remote attackers

forum.php

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON

SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.

CPENameOperatorVersion
newsboard:unclassified_newsboardnewsboard unclassified newsboardle1.5.3_patch3

CPE	Name	Operator	Version
newsboard:unclassified_newsboard	newsboard unclassified newsboard	le	1.5.3_patch3

References

packetstormsecurity.org/0511-exploits/unb153pl3_xpl.html

rgod.altervista.org/unb153pl3_xpl.html

secunia.com/advisories/17614

www.osvdb.org/20951

www.securityfocus.com/bid/15466

www.vupen.com/english/advisories/2005/2487

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2005-3686

cvelist2 prion1 cve1