Lucene search

[email protected]CVE-2005-4159

HistoryDec 11, 2005 - 11:03 a.m.

CVE-2005-4159

2005-12-1111:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4159

sql injection

smf

memberlist.php

arbitrary execution

remote attack

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.5%

JSON

NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an “invalid SQL syntax error.” Multiple followups support the vendor

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumle1.1_rc1

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	le	1.1_rc1

References

archives.neohapsis.com/archives/bugtraq/2005-12/0090.html

www.securityfocus.com/archive/1/419068/100/0/threaded

www.securityfocus.com/archive/1/419105/100/0/threaded

www.securityfocus.com/archive/1/419250/100/0/threaded

www.securityfocus.com/archive/1/419535/100/0/threaded

www.securityfocus.com/bid/15791

exchange.xforce.ibmcloud.com/vulnerabilities/23546

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2005-4159

cvelist1