Lucene search

[email protected]CVE-2005-4702

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-4702

2022-10-0316:22:46

[email protected]

web.nvd.nist.gov

cve-2005-4702

ipbproarcade

sql injection

security vulnerability

favorites module

index.php

remote attackers

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430.

Affected configurations

NVD

Node

ipbproarcadeipbproarcadeMatch2.5.2

CPENameOperatorVersion
ipbproarcade:ipbproarcadeipbproarcadeeq2.5.2

CPE	Name	Operator	Version
ipbproarcade:ipbproarcade	ipbproarcade	eq	2.5.2

References

www.securityfocus.com/bid/15205

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVE-2005-4702

cvelist2 nvd2 openvas1 nessus1 cve1