Lucene search

[email protected]CVE-2005-4331

HistoryDec 17, 2005 - 11:03 a.m.

CVE-2005-4331

2005-12-1711:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4331

sql injection

ihtml merchant

security vulnerability

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON

SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.

CPENameOperatorVersion
ihtml_merchant:ihtml_merchantihtml merchanteq2_pro

CPE	Name	Operator	Version
ihtml_merchant:ihtml_merchant	ihtml merchant	eq	2_pro

References

pridels0.blogspot.com/2005/12/ihtml-merchant-version-2-pro-sql-inj.html

secunia.com/advisories/18089

www.osvdb.org/21808

www.securityfocus.com/bid/15911

www.vupen.com/english/advisories/2005/2967

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON