Lucene search

[email protected]CVE-2005-3825

HistoryNov 26, 2005 - 2:03 a.m.

CVE-2005-3825

2005-11-2602:03:00

[email protected]

web.nvd.nist.gov

cve-2005-3825

sql injection

index.php

comdev vote caster 3.1

security vulnerability

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.

Affected configurations

NVD

Node

comdevcomdev_vote_casterRange≤3.1

CPENameOperatorVersion
comdev:comdev_vote_castercomdev comdev vote casterle3.1

CPE	Name	Operator	Version
comdev:comdev_vote_caster	comdev comdev vote caster	le	3.1

References

pridels0.blogspot.com/2005/11/vote-caster-3x-sql-inj-vuln.html

secunia.com/advisories/17672

www.osvdb.org/21087

www.securityfocus.com/bid/15563

www.vupen.com/english/advisories/2005/2573

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2005-3825

nvd1 cvelist1