CVE-2005-4223
9.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
80.9%
Multiple βpotentialβ SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| utopia_software:utopia_news_pro | utopia software utopia news pro | eq | 1.1.4 |
References
glide.stanford.edu/yichen/research/sec.pdf
secunia.com/advisories/17988/
www.osvdb.org/21645
www.osvdb.org/21646
www.osvdb.org/21647
www.osvdb.org/21648
www.osvdb.org/21649
www.securityfocus.com/archive/1/419280/100/0/threaded
www.securityfocus.com/archive/1/419487/100/0/threaded
www.vupen.com/english/advisories/2005/2859
exchange.xforce.ibmcloud.com/vulnerabilities/23564
9.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
80.9%