Lucene search
MitreCVE-2014-3871HistoryMay 27, 2014 - 2:00 p.m.
CVE-2014-3871
2014-05-2714:00:00
CWE-89
mitre
web.nvd.nist.gov
18
cve-2014-3871
sql injection
register.php
geodesic solutions
geocore max 7.3.3
geoclassifieds
geoauctions
remote attackers
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.8
Confidence
Low
EPSS
0.011
Percentile
84.9%
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.
Affected configurations
Node
geodesicsolutionsgeocore_maxMatch7.3.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| geodesicsolutions | geocore_max | 7.3.3 | cpe:2.3:a:geodesicsolutions:geocore_max:7.3.3:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-3871
2014-05-27 14:00:00
CVE-2006-3823
2006-07-25 00:00:00
exploitdb
exploitdb
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection
2014-04-28 00:00:00
prion
prion
Sql injection
2014-05-27 13:55:00
nvd
nvd
CVE-2014-3871
2014-05-27 13:55:07
CVE-2006-3823
2006-07-25 13:22:00
cve
cve
CVE-2006-3823
2006-07-25 13:22:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.8
Confidence
Low
EPSS
0.011
Percentile
84.9%
Related for CVE-2014-3871