Lucene search

[email protected]CVE-2005-3859

HistoryNov 29, 2005 - 11:03 a.m.

CVE-2005-3859

2005-11-2911:03:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2005-3859

q-news

php

rfi

vulnerability

remote code execution

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.2%

JSON

PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

CPENameOperatorVersion
q-news:q-newsq-newseq2.0

CPE	Name	Operator	Version
q-news:q-news	q-news	eq	2.0

References

secunia.com/advisories/17771

securityreason.com/securityalert/209

securitytracker.com/id?1015277

www.securityfocus.com/archive/1/417797/100/0/threaded

www.securityfocus.com/bid/15576

www.vupen.com/english/advisories/2005/2600

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.2%

JSON