Lucene search

[email protected]CVE-2005-3844

HistoryNov 26, 2005 - 10:03 p.m.

CVE-2005-3844

2005-11-2622:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3844

sql injection

phpwordpress

php news and article manager 3.0

remote attackers

nvd

vulnerability

execute arbitrary sql commands

index.php

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON

SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.

CPENameOperatorVersion
phpwordpress:php_news_and_article_managerphpwordpress php news and article managereq3.0

CPE	Name	Operator	Version
phpwordpress:php_news_and_article_manager	phpwordpress php news and article manager	eq	3.0

References

forum.word-press.net/index.php?&showtopic=76&st=0&#entry181

pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html

secunia.com/advisories/17733

www.osvdb.org/21110

www.securityfocus.com/bid/15582

www.vupen.com/english/advisories/2005/2594

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON