CVE-2005-4010

Опубликовано: 05 дек. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.

Ссылки

http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html
http://secunia.com/advisories/17806
Vendor Advisory
http://www.osvdb.org/21340
http://www.osvdb.org/21341
http://www.securityfocus.com/bid/15635
http://www.vupen.com/english/advisories/2005/2641
https://exchange.xforce.ibmcloud.com/vulnerabilities/23309
http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html
http://secunia.com/advisories/17806
Vendor Advisory
http://www.osvdb.org/21340
http://www.osvdb.org/21341
http://www.securityfocus.com/bid/15635
http://www.vupen.com/english/advisories/2005/2641
https://exchange.xforce.ibmcloud.com/vulnerabilities/23309

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sensation_designs:kbase_express:*:*:*:*:*:*:*:*

Версия до 1.0.0 (включая)

EPSS

Процентиль: 74%

0.00816

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-4x9r-5p7j-xjmh

github

почти 4 года назад