CVE-2005-4656 - SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to

CVE-2005-4656

Summary

SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter.

References

http://downloads.securityfocus.com/vulnerabilities/exploits/TClanPortal_sql_inj.pl
http://secunia.com/advisories/17324
http://www.osvdb.org/20305
http://www.securityfocus.com/bid/15173
http://www.vupen.com/english/advisories/2005/2187
https://exchange.xforce.ibmcloud.com/vulnerabilities/22869

Vulnerable Configurations

cpe:2.3:a:triggertg:tclanportal:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:triggertg:tclanportal:1.1.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	15173
misc	http://downloads.securityfocus.com/vulnerabilities/exploits/TClanPortal_sql_inj.pl
osvdb	20305
secunia	17324
vupen	ADV-2005-2187
xf	tclanportal-index-sql-injection(22869)

Last major update

20-07-2017 - 01:29

Published

31-12-2005 - 05:00

Last modified

20-07-2017 - 01:29