Lucene search

[email protected]CVE-2005-3937

HistoryDec 01, 2005 - 11:00 a.m.

CVE-2005-3937

2005-12-0111:00:00

[email protected]

web.nvd.nist.gov

cve-2005-3937

sql injection

softbiz b2b trading marketplace script 1.1

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

Affected configurations

NVD

Node

softbizb2b_trading_marketplace_scriptRange≤1.1

CPENameOperatorVersion
softbiz:b2b_trading_marketplace_scriptsoftbiz b2b trading marketplace scriptle1.1

CPE	Name	Operator	Version
softbiz:b2b_trading_marketplace_script	softbiz b2b trading marketplace script	le	1.1

References

pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.html

secunia.com/advisories/17808

www.osvdb.org/21252

www.osvdb.org/21253

www.osvdb.org/21254

www.osvdb.org/21255

www.securityfocus.com/bid/15652

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2005-3937

cvelist1 nvd1