CVE-2005-2478 - SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL com

CVE-2005-2478

Summary

SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel.

References

http://marc.info/?l=bugtraq&m=112309780321088&w=2
http://secunia.com/advisories/16315
http://securitytracker.com/id?1014622
http://www.osvdb.org/18517
http://www.rgod.altervista.org/silvernews.html
http://www.securityfocus.com/bid/14466
https://exchange.xforce.ibmcloud.com/vulnerabilities/21688

Vulnerable Configurations

cpe:2.3:a:silver-scripts:silvernews:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:silver-scripts:silvernews:2.0.3:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	14466
bugtraq	20050803 Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting
misc	http://www.rgod.altervista.org/silvernews.html
osvdb	18517
sectrack	1014622
secunia	16315
xf	silvernews-username-sql-injection(21688)

Last major update

11-07-2017 - 01:32

Published

05-08-2005 - 04:00

Last modified

11-07-2017 - 01:32