| ID |
CVE-2005-0292
|
| Summary |
Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.5 (as of 11-07-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 12289 | | bugtraq | - 20050116 phpGiftReq SQL Injection
- 20050307 Re: phpGiftReq SQL Injection
| | fulldisc | 20050116 phpGiftReq SQL Injection | | sectrack | 1012910 | | secunia | 13873 | | xf | phpgiftregistry-sql-injection(18925) |
|
| Last major update |
11-07-2017 - 01:32 |
| Published |
17-01-2005 - 05:00 |
| Last modified |
11-07-2017 - 01:32 |
