CVE-2005-4010 - SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute ar

CVE-2005-4010

Summary

SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.

References

http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html
http://secunia.com/advisories/17806
http://www.osvdb.org/21340
http://www.osvdb.org/21341
http://www.securityfocus.com/bid/15635
http://www.vupen.com/english/advisories/2005/2641
https://exchange.xforce.ibmcloud.com/vulnerabilities/23309

Vulnerable Configurations

cpe:2.3:a:sensation_designs:kbase_express:*:*:*:*:*:*:*:*
cpe:2.3:a:sensation_designs:kbase_express:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15635
misc	http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html
osvdb	21340 21341
secunia	17806
vupen	ADV-2005-2641
xf	kbaseexpress-multiple-sql-injection(23309)

Last major update

20-07-2017 - 01:29

Published

05-12-2005 - 11:03

Last modified

20-07-2017 - 01:29