CVE-2005-4159

Опубликовано: 11 дек. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*

Версия до 1.1_rc1 (включая)

EPSS

Процентиль: 78%

0.01112

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-mrp2-f622-9548

github

почти 4 года назад

** DISPUTED ** NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor.