Lucene search

PRIOn knowledge basePRION:CVE-2014-3871

HistoryMay 27, 2014 - 1:55 p.m.

Sql injection

2014-05-2713:55:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.

CPENameOperatorVersion
geocore_maxeq7.3.3

CPE	Name	Operator	Version
	geocore_max	eq	7.3.3

References

geodesicsolutions.com/changelog/7.3/changelog.html

osvdb.org/show/osvdb/106364

packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html

secunia.com/advisories/58308

www.securityfocus.com/bid/67078

www.exploit-db.com/exploits/33075

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for PRION:CVE-2014-3871

cve2