Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2478

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2478
Last Modified 05 Sep 2008 04:51:52
Published 05 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2478

Summary

SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel.

Vulnerable Systems

Application

  • Silver-scripts Silvernews 2.0.3


References

SECUNIA - 16315

BID - 14466

MISC - http://www.rgod.altervista.org/silvernews.html

XF - silvernews-username-sql-injection(21688)

OSVDB - 18517

SECTRACK - 1014622

BUGTRAQ - 20050803 Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting


Last Updated: 27 May 2016 10:40:32