Lucene search

[email protected]CVE-2005-4563

HistoryDec 29, 2005 - 11:03 a.m.

CVE-2005-4563

2005-12-2911:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4563

sql injection

enterprise heart enterprise connector

nvd

security vulnerability

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

JSON

SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875.

CPENameOperatorVersion
enterprise_heart:enterprise_connectorenterprise heart enterprise connectoreq1.0.2

CPE	Name	Operator	Version
enterprise_heart:enterprise_connector	enterprise heart enterprise connector	eq	1.0.2

References

marc.info/?l=full-disclosure&m=113510305413525&w=2

secunia.com/advisories/17743

securityreason.com/securityalert/278

www.osvdb.org/22163

www.securityfocus.com/archive/1/419895

www.securityfocus.com/bid/15984

exchange.xforce.ibmcloud.com/vulnerabilities/23845

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for CVE-2005-4563

cve1