CVE-2005-2788 - Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attacke

CVE-2005-2788

Summary

Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.

References

Vulnerable Configurations

cpe:2.3:a:neocrome:land_down_under:700.01:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.01:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.02:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.02:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.03:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.03:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.04:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.04:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.05:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:700.05:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:701:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:701:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:801:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:801:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	14685
bugtraq	20050829 Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities
xf	landdownunder-events-index-list-sql-injection(22047)

Last major update

11-07-2017 - 01:32

Published

02-09-2005 - 23:03

Last modified

11-07-2017 - 01:32