Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2005-3236
Last Modified 10 Sep 2008 03:45:59
Published 14 Oct 2005 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3236

Summary

Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid, or (2) the nick parameter of lostpwd.php.

Vulnerable Systems

Application

  • Cynox Cyphor 0.19


References

XF - cyphor-lostpwd-newmsg-sql-injection(22552)

BID - 15047

SECUNIA - 17104

BUGTRAQ - 20051008 Cyphor 0.19 SQL Injection / Board takeover / cross site scripting

OSVDB - 19945

OSVDB - 19944

OSVDB - 19943

SECTRACK - 1015020

SREASON - 70


Last Updated: 27 May 2016 10:40:51