Lucene search

[email protected]CVE-2005-4546

HistoryDec 28, 2005 - 11:03 a.m.

CVE-2005-4546

2005-12-2811:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

eggblog

search.php

path disclosure

remote attack

sql injection

nvd

cve-2005-4546

8.6 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.013 Low

EPSS

Percentile

85.8%

JSON

search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability.

CPENameOperatorVersion
epic_designs:eggblogepic designs eggblogle2.0

CPE	Name	Operator	Version
epic_designs:eggblog	epic designs eggblog	le	2.0

References

pridels0.blogspot.com/2005/12/eggblog-vuln.html

secunia.com/advisories/18212

www.osvdb.org/21908

www.securityfocus.com/bid/16056

www.vupen.com/english/advisories/2005/3072

exchange.xforce.ibmcloud.com/vulnerabilities/23857

8.6 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.013 Low

EPSS

Percentile

85.8%

JSON