CVE-2005-3423 - Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitra

CVE-2005-3423

Summary

Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php.

References

http://rst.void.ru/papers/advisory35.txt
http://secunia.com/advisories/17378
http://www.osvdb.org/20378
http://www.osvdb.org/20379
http://www.osvdb.org/20380
http://www.osvdb.org/20381
http://www.osvdb.org/20382
http://www.osvdb.org/20384
http://www.securityfocus.com/bid/15238

Vulnerable Configurations

cpe:2.3:a:subdreamer:subdreamer:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:subdreamer:subdreamer:2.2.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-09-2008 - 20:54)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15238
misc	http://rst.void.ru/papers/advisory35.txt
osvdb	20378 20379 20380 20381 20382 20384
secunia	17378

Last major update

05-09-2008 - 20:54

Published

01-11-2005 - 22:02

Last modified

05-09-2008 - 20:54