CVE-2005-3236

Published Oct 14, 2005

Last updated 7 years ago

Overview

Description: Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cynox:cyphor:0.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9961F038-5A12-4D81-B023-A92BA7CEC114"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References