CVE-2005-0265 - Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to ex

CVE-2005-0265

Summary

Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.

References

http://marc.info/?l=bugtraq&m=110461644407935&w=2
http://secunia.com/advisories/13695
http://www.securityfocus.com/bid/12114
https://exchange.xforce.ibmcloud.com/vulnerabilities/18704

Vulnerable Configurations

cpe:2.3:a:owl:owl_intranet_engine:0.7:*:*:*:*:*:*:*
cpe:2.3:a:owl:owl_intranet_engine:0.7:*:*:*:*:*:*:*
cpe:2.3:a:owl:owl_intranet_engine:0.8:*:*:*:*:*:*:*
cpe:2.3:a:owl:owl_intranet_engine:0.8:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12114
bugtraq	20050101 Various Vulnerabilities in OWL Intranet Engine
secunia	13695
xf	owl-intranet-engine-sql-injection(18704)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32