Lucene search

[email protected]CVE-2005-4040

HistoryDec 06, 2005 - 11:03 a.m.

CVE-2005-4040

2005-12-0611:03:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2005-4040

sql injection

filelister

remote attackers

search parameters

searchwhat parameter

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.8%

JSON

SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp.

Affected configurations

NVD

Node

tawbawarefilelisterRange≤0.51

CPENameOperatorVersion
tawbaware:filelistertawbaware filelisterle0.51

CPE	Name	Operator	Version
tawbaware:filelister	tawbaware filelister	le	0.51

References

pridels0.blogspot.com/2005/12/filelister-sql-inj-vuln.html

secunia.com/advisories/17821

www.osvdb.org/21416

www.osvdb.org/21476

www.securityfocus.com/bid/15706

www.vupen.com/english/advisories/2005/2725

exchange.xforce.ibmcloud.com/vulnerabilities/23418

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for CVE-2005-4040

cvelist1 nvd1