Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1237

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1237
Last Modified 07 Mar 2011 09:21:30
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1237

Summary

SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

Vulnerable Systems

Application

  • China-on-site Flexphpnews 0.0.3


References

XF - flexphpnews-newsphp-sql-injection(20214)

VUPEN - ADV-2005-0373

BID - 13297

OSVDB - 15715

SECUNIA - 14905

XF - flexphpnew-news-sql-injection(33362)

BID - 23247

MILW0RM - 3631

VIM - 20070411 Rediscovery: Flexphpnews news.php/newsid SQL injection


Last Updated: 27 May 2016 10:40:05