Lucene search

K
cveMitreCVE-2005-3986
HistoryDec 04, 2005 - 10:03 p.m.

CVE-2005-3986

2005-12-0422:03:00
mitre
web.nvd.nist.gov
32
sql injection
instant photo gallery
vulnerability
cat_id
cid
portfolio.php
content.php

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.009

Percentile

82.5%

Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php.

Affected configurations

Nvd
Node
verosky_mediainstant_photo_galleryRange1
VendorProductVersionCPE
verosky_mediainstant_photo_gallery*cpe:2.3:a:verosky_media:instant_photo_gallery:*:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.009

Percentile

82.5%

Related for CVE-2005-3986