CVE-2005-2468

Опубликовано: 31 дек. 2005

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.

Ссылки

http://lists.mysql.com/eventum-users/2072
Patch
http://marc.info/?l=bugtraq&m=112292193807958&w=2
http://secunia.com/advisories/16304
Patch
Vendor Advisory
http://securitytracker.com/id?1014603
Exploit
Patch
http://www.gulftech.org/?node=research&article_id=00093-07312005
Exploit
http://www.osvdb.org/18403
Exploit
Patch
http://www.osvdb.org/18404
Exploit
Patch
http://www.osvdb.org/18405
Exploit
Patch
http://www.osvdb.org/18406
Exploit
Patch
http://www.securityfocus.com/bid/14437
Exploit
http://www.vupen.com/english/advisories/2005/1287
http://lists.mysql.com/eventum-users/2072
Patch
http://marc.info/?l=bugtraq&m=112292193807958&w=2
http://secunia.com/advisories/16304
Patch
Vendor Advisory
http://securitytracker.com/id?1014603
Exploit
Patch
http://www.gulftech.org/?node=research&article_id=00093-07312005
Exploit
http://www.osvdb.org/18403
Exploit
Patch
http://www.osvdb.org/18404
Exploit
Patch
http://www.osvdb.org/18405
Exploit
Patch
http://www.osvdb.org/18406
Exploit
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mysql:eventum:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.5.5:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01479

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8wh4-g2qx-mrwc

github

почти 4 года назад