Lucene search

[email protected]NVD:CVE-2005-0292

HistoryJan 17, 2005 - 5:00 a.m.

CVE-2005-0292

2005-01-1705:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.014

Percentile

86.4%

JSON

Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.

Affected configurations

Nvd

Node

php_gift_registryphpgiftregMatch1.4

VendorProductVersionCPE
php_gift_registryphpgiftreg1.4cpe:2.3:a:php_gift_registry:phpgiftreg:1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_gift_registry	phpgiftreg	1.4	cpe:2.3:a:php_gift_registry:phpgiftreg:1.4:::::::*

References

lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html

marc.info/?l=bugtraq&m=110599710017066&w=2

secunia.com/advisories/13873

securitytracker.com/id?1012910

www.securityfocus.com/archive/1/392485

www.securityfocus.com/bid/12289

exchange.xforce.ibmcloud.com/vulnerabilities/18925

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.014

Percentile

86.4%

JSON

Related for NVD:CVE-2005-0292

cvelist1 cve1