Lucene search

[email protected]CVE-2005-4353

HistoryDec 20, 2005 - 12:03 a.m.

CVE-2005-4353

2005-12-2000:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

4353

sql injection

index.php

toendacms 0.6.2.1

remote attackers

sql commands

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CPENameOperatorVersion
toenda_software_development:toendacmstoenda software development toendacmseq0.6.2.1

CPE	Name	Operator	Version
toenda_software_development:toendacms	toenda software development toendacms	eq	0.6.2.1

References

secunia.com/advisories/18058

www.osvdb.org/21768

www.vupen.com/english/advisories/2005/2926

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON