CVE-2005-0841 - SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) ce

CVE-2005-0841

Summary

SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) census.php, (6) passthru.php and possibly other php files in phpMyFamily 1.4.0 allows remote attackers to execute arbitrary SQL commands, as demonstrated via (1) the person parameter to people.php or (2) the Login field.

References

http://marc.info/?l=bugtraq&m=111143649730845&w=2
http://secunia.com/advisories/14642
http://securitytracker.com/id?1013493
http://www.securityfocus.com/bid/12860
https://exchange.xforce.ibmcloud.com/vulnerabilities/19787

Vulnerable Configurations

cpe:2.3:a:phpmyfamily:phpmyfamily:1.4:*:*:*:*:*:*:*
cpe:2.3:a:phpmyfamily:phpmyfamily:1.4:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12860
bugtraq	20050321 phpMyFamily 1.4.0 SQL vulnerabilities
sectrack	1013493
secunia	14642
xf	phpmyfamily-multiple-scripts-sql-injection(19787)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32