Lucene search

[email protected]CVE-2005-3933

HistoryDec 01, 2005 - 6:03 a.m.

CVE-2005-3933

2005-12-0106:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

88script

event calendar

cybersecurity

vulnerability

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

SQL injection vulnerability in index.php in 88Script’s Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.

CPENameOperatorVersion
88script:88script_event_calendar88script 88script event calendareq2.0

CPE	Name	Operator	Version
88script:88script_event_calendar	88script 88script event calendar	eq	2.0

References

pridels0.blogspot.com/2005/11/88scripts-event-calendar-v20-sql-inj.html

secunia.com/advisories/17796

www.osvdb.org/21269

www.securityfocus.com/bid/15658

www.vupen.com/english/advisories/2005/2667

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON