CVE-2005-3953 - SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL comma

CVE-2005-3953

Summary

SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php.

References

http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html
http://secunia.com/advisories/17760
http://www.osvdb.org/21174
http://www.osvdb.org/21175
http://www.osvdb.org/21176
http://www.securityfocus.com/bid/15583

Vulnerable Configurations

cpe:2.3:a:bedeng_psp:bedeng_psp:1.1:*:*:*:*:*:*:*
cpe:2.3:a:bedeng_psp:bedeng_psp:1.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 03-10-2008 - 04:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15583
misc	http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html
osvdb	21174 21175 21176
secunia	17760

Last major update

03-10-2008 - 04:41

Published

01-12-2005 - 06:03

Last modified

03-10-2008 - 04:41