Lucene search

[email protected]CVE-2005-3816

HistoryNov 26, 2005 - 2:03 a.m.

CVE-2005-3816

2005-11-2602:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

forum.php

freeforum 1.1

remote attack

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.1%

JSON

Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.

CPENameOperatorVersion
zoneo-soft:freeforumzoneo-soft freeforumle1.1

CPE	Name	Operator	Version
zoneo-soft:freeforum	zoneo-soft freeforum	le	1.1

References

pridels0.blogspot.com/2005/11/freeforum-1x-cat-and-thread-sql-inj.html

secunia.com/advisories/17720

securitytracker.com/id?1015269

www.osvdb.org/21086

www.securityfocus.com/bid/15559

www.vupen.com/english/advisories/2005/2571

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.1%

JSON