Lucene search

[email protected]CVE-2005-4139

HistoryDec 09, 2005 - 3:03 p.m.

CVE-2005-4139

2005-12-0915:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4139

sql injection

thwboard

remote attackers

arbitrary sql commands

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.

CPENameOperatorVersion
thwboard:thwboard_betathwboard thwboard betaeq2.8

CPE	Name	Operator	Version
thwboard:thwboard_beta	thwboard thwboard beta	eq	2.8

References

kapda.ir/advisory-149.html

securityreason.com/securityalert/238

www.osvdb.org/21737

www.osvdb.org/21738

www.osvdb.org/21739

www.securityfocus.com/archive/1/418837/100/0/threaded

www.securityfocus.com/bid/15763

exchange.xforce.ibmcloud.com/vulnerabilities/23531

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON