Lucene search

[email protected]CVE-2005-4547

HistoryDec 28, 2005 - 11:03 a.m.

CVE-2005-4547

2005-12-2811:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4547

xss

eggblog

sql injection

remote execution

search.php

nvd

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.8%

JSON

Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields.

Affected configurations

NVD

Node

epic_designseggblogRange≤2.0

CPENameOperatorVersion
epic_designs:eggblogepic designs eggblogle2.0

CPE	Name	Operator	Version
epic_designs:eggblog	epic designs eggblog	le	2.0

References

pridels0.blogspot.com/2005/12/eggblog-vuln.html

secunia.com/advisories/18212

www.osvdb.org/21909

exchange.xforce.ibmcloud.com/vulnerabilities/23856

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for CVE-2005-4547

cvelist1 nvd1