Lucene search

K
cveMitreCVE-2005-3872
HistoryNov 29, 2005 - 11:03 a.m.

CVE-2005-3872

2005-11-2911:03:00
mitre
web.nvd.nist.gov
32
cve
sql injection
ugroup
forum.php
topic.php
remote attackers
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.005

Percentile

77.9%

Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.

Affected configurations

Nvd
Node
ugroupugroupRange2.6.2
VendorProductVersionCPE
ugroupugroup*cpe:2.3:a:ugroup:ugroup:*:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.005

Percentile

77.9%

Related for CVE-2005-3872