CVE-2005-3939 - Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers

CVE-2005-3939

Summary

Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.

References

http://pridels0.blogspot.com/2005/11/wsn-knowledge-base-sql-inj-vuln.html
http://secunia.com/advisories/17810
http://www.osvdb.org/21262
http://www.osvdb.org/21263
http://www.osvdb.org/21264
http://www.securityfocus.com/bid/15656

Vulnerable Configurations

cpe:2.3:a:wsn_knowledge_base:wsn_knowledge_base:*:*:*:*:*:*:*:*
cpe:2.3:a:wsn_knowledge_base:wsn_knowledge_base:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 03-10-2008 - 04:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15656
misc	http://pridels0.blogspot.com/2005/11/wsn-knowledge-base-sql-inj-vuln.html
osvdb	21262 21263 21264
secunia	17810

Last major update

03-10-2008 - 04:41

Published

01-12-2005 - 06:03

Last modified

03-10-2008 - 04:41