Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3363
Last Modified 10 Sep 2008 03:46:59
Published 30 Oct 2005 09:34:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3363

Summary

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

Vulnerable Systems

Application

  • Saphplesson 1.1

  • Saphplesson 2.0


References

XF - saphplesson-multiple-sql-injection(22861)

SECUNIA - 17308

BUGTRAQ - 20051024 SQL saphp Lesson

XF - saphp-add-sql-injection(27746)

BID - 15185

BUGTRAQ - 20070704 SQL Injection in saphp "showcat.php"

BUGTRAQ - 20060711 saphp "add.php" forumid Parameter SQL Injection

BUGTRAQ - 20060412 SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit

OSVDB - 20290

OSVDB - 20289

VIM - 20051029 Saphp Lesson

SREASON - 111

MILW0RM - 1530


Last Updated: 27 May 2016 10:40:54