CVE-2005-0368 - Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL co

CVE-2005-0368

Summary

Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php.

References

http://marc.info/?l=bugtraq&m=110803385223054&w=2
http://secunia.com/advisories/14142/
http://www.securityfocus.com/bid/12457
https://exchange.xforce.ibmcloud.com/vulnerabilities/19235

Vulnerable Configurations

cpe:2.3:a:chipmunk_scripts:cmscore:*:*:*:*:*:*:*:*
cpe:2.3:a:chipmunk_scripts:cmscore:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12457
bugtraq	20050209 CMS Core SQL injection
secunia	14142
xf	cmscore-multiple-sql-injection(19235)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32