1. CVE-Search
  2. CVE-2005-2152
ID CVE-2005-2152
Summary SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
References
Vulnerable Configurations
  • cpe:2.3:a:geeklog:geeklog:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.7_sr1:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.7_sr1:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.7_sr2:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.7_sr2:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.7_sr3:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.7_sr3:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.7_sr4:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.7_sr4:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.7_sr5:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.7_sr5:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.8_1:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.8_1:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr1:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr1:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr2:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr2:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr3:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr3:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr4:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr4:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr5:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr5:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr6:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr6:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.9_sr1:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.9_sr1:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.9_sr2:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.9_sr2:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.9_sr3:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.9_sr3:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:geeklog:geeklog:1.3.10:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 20:51)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm http://www.geeklog.net/article.php/geeklog-1.3.11sr1
misc http://www.hardened-php.net/advisory-062005.php
sectrack 1014381
secunia 15914
Last major update 05-09-2008 - 20:51
Published 06-07-2005 - 04:00
Last modified 05-09-2008 - 20:51
Back to Top