Lucene search

[email protected]CVE-2005-4346

HistoryDec 19, 2005 - 3:47 a.m.

CVE-2005-4346

2005-12-1903:47:00

[email protected]

web.nvd.nist.gov

cve-2005-4346

sql syntax error

phpbb blog 2.2.2

remote attackers

invalid parameter

syntax error

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error.

Affected configurations

NVD

Node

anthony_boydphpbb_blogRange≤2.2.2

CPENameOperatorVersion
anthony_boyd:phpbb_bloganthony boyd phpbb blogle2.2.2

CPE	Name	Operator	Version
anthony_boyd:phpbb_blog	anthony boyd phpbb blog	le	2.2.2

References

pridels0.blogspot.com/2005/12/phpbb-blog-222-sql-inj-vuln.html

www.osvdb.org/21565

www.outshine.com/forums/viewtopic.php?t=308

exchange.xforce.ibmcloud.com/vulnerabilities/23495

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

Related for CVE-2005-4346

nvd1 cvelist1