CVE-2005-2675 - Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under

CVE-2005-2675

Summary

Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

References

Vulnerable Configurations

cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-04-2024 - 00:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	14618
bugtraq	20050820 Bugs Land Down Under v800
misc	http://www.neocrome.net
sectrack	1014747

Last major update

11-04-2024 - 00:39

Published

23-08-2005 - 04:00

Last modified

11-04-2024 - 00:39