Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3555

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2005-3555
Last Modified 07 Mar 2011 09:26:46
Published 16 Nov 2005 02:42:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2005-3555

Summary

Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.

Vulnerable Systems

Application

  • Tincan Phplist 2.10.1


References

MISC - http://www.trapkit.de/advisories/TKADV2005-11-001.txt

BUGTRAQ - 20051107 [TKADV2005-11-001] Multiple vulnerabilities in PHPlist

SECUNIA - 17476

VUPEN - ADV-2005-2345

BID - 15350

OSVDB - 20568

OSVDB - 20567


Last Updated: 27 May 2016 10:40:58