Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3840

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3840
Last Modified 05 Aug 2011 12:00:00
Published 26 Nov 2005 05:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3840

Summary

SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an Internet Explorer issue was incorrectly assigned this identifier, but the correct identifier is CVE-2005-3240.

Vulnerable Systems

Application

  • Omnistar Interactive Omnistar Live 5.2


References

VUPEN - ADV-2005-2561

OSVDB - 21077

SECUNIA - 17697

MISC - http://pridels0.blogspot.com/2005/11/omnistar-live-id-and-categoryid-sql.html


Last Updated: 27 May 2016 10:41:04