CVE-2005-0292

2005-02-1005:00:00

mitre

www.cve.org

8.6 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.4%

JSON

Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.

References

lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html

marc.info/?l=bugtraq&m=110599710017066&w=2

secunia.com/advisories/13873

securitytracker.com/id?1012910

www.securityfocus.com/archive/1/392485

www.securityfocus.com/bid/12289

exchange.xforce.ibmcloud.com/vulnerabilities/18925