Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0414

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0414
Last Modified 05 Sep 2008 04:46:13
Published 27 Apr 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0414

Summary

SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter.

Vulnerable Systems

Application

  • Mercuryboard 1.1.1


References

SECTRACK - 1013137

BUGTRAQ - 20050124 Multiple vulnerabilities in MercuryBoard 1.1.1

XF - mercuryboard-index-sql-injection(19051)

BUGTRAQ - 20050209 Mercuryboard =?iso-8859-1?Q?<=3D?= 1.1.1 Working Sql Injection

CONFIRM - http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70


Last Updated: 27 May 2016 10:39:48