Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3419

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3419
Last Modified 07 Mar 2011 09:26:30
Published 01 Nov 2005 04:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3419

Summary

SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 2.0 Beta1

  • Phpbb Group Phpbb 2.0 Rc1

  • Phpbb Group Phpbb 2.0 Rc2

  • Phpbb Group Phpbb 2.0 Rc3

  • Phpbb Group Phpbb 2.0 Rc4

  • Phpbb Group Phpbb 2.0.0

  • Phpbb Group Phpbb 2.0.1

  • Phpbb Group Phpbb 2.0.10

  • Phpbb Group Phpbb 2.0.11

  • Phpbb Group Phpbb 2.0.12

  • Phpbb Group Phpbb 2.0.13

  • Phpbb Group Phpbb 2.0.14

  • Phpbb Group Phpbb 2.0.15

  • Phpbb Group Phpbb 2.0.16

  • Phpbb Group Phpbb 2.0.17

  • Phpbb Group Phpbb 2.0.2

  • Phpbb Group Phpbb 2.0.3

  • Phpbb Group Phpbb 2.0.4

  • Phpbb Group Phpbb 2.0.5

  • Phpbb Group Phpbb 2.0.6

  • Phpbb Group Phpbb 2.0.6c

  • Phpbb Group Phpbb 2.0.6d

  • Phpbb Group Phpbb 2.0.7

  • Phpbb Group Phpbb 2.0.7a

  • Phpbb Group Phpbb 2.0.8

  • Phpbb Group Phpbb 2.0.8a

  • Phpbb Group Phpbb 2.0.9


References

BID - 15243

OSVDB - 20390

MISC - http://www.hardened-php.net/advisory_172005.75.html

SECTRACK - 1015121

BUGTRAQ - 20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities

VUPEN - ADV-2005-2250

SECUNIA - 17366

DEBIAN - DSA-925

SREASON - 130

SECUNIA - 18098


Last Updated: 27 May 2016 10:40:56