CVE-2005-2461 - Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remo

CVE-2005-2461

Summary

Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.

References

http://marc.info/?l=bugtraq&m=112274359718863&w=2
http://secunia.com/advisories/16286
http://www.gulftech.org/?node=research&article_id=00092-07302005
http://www.osvdb.org/18396
http://www.securityfocus.com/bid/14425

Vulnerable Configurations

cpe:2.3:a:kayako:liveresponse:2.0:*:*:*:*:*:*:*
cpe:2.3:a:kayako:liveresponse:2.0:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 18-10-2016 - 03:27)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

bid	14425
bugtraq	20050730 Kayako liveResponse Multiple Vulnerabilities
misc	http://www.gulftech.org/?node=research&article_id=00092-07302005
osvdb	18396
secunia	16286

Last major update

18-10-2016 - 03:27

Published

31-12-2005 - 05:00

Last modified

18-10-2016 - 03:27