Lucene search

[email protected]CVE-2005-3819

HistoryNov 26, 2005 - 2:03 a.m.

CVE-2005-3819

2005-11-2602:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3819

sql injection

vtiger crm

authentication bypass

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.7%

JSON

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.

CPENameOperatorVersion
vtiger:vtiger_crmvtiger vtiger crmle4.2

CPE	Name	Operator	Version
vtiger:vtiger_crm	vtiger vtiger crm	le	4.2

References

secunia.com/advisories/17693

securitytracker.com/id?1015271

www.hardened-php.net/advisory_232005.105.html

www.osvdb.org/21225

www.securityfocus.com/archive/1/417730/30/0/threaded

www.securityfocus.com/bid/15562

www.vupen.com/english/advisories/2005/2569

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.7%

JSON

Related for CVE-2005-3819

nessus1 openvas1