Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1875

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1875
Last Modified 05 Sep 2008 04:50:18
Published 02 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1875

Summary

Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.

Vulnerable Systems

Application

  • Exhibit Engine 1.22

  • Exhibit Engine 1.54 Rc4


References

SECUNIA - 15583

BUGTRAQ - 20050602 SEC-CONSULT SA20050602-2 :: Exhibit Engine Blind SQL Injection

BID - 13844

OSVDB - 17006

CONFIRM - http://photography-on-the.net/forum/showthread.php?p=579692


Last Updated: 27 May 2016 10:40:19