Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3939

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3939
Last Modified 03 Oct 2008 12:41:42
Published 01 Dec 2005 01:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3939

Summary

Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.

Vulnerable Systems

Application

  • Wsn Knowledge Base 1.2.0


References

BID - 15656

SECUNIA - 17810

OSVDB - 21264

OSVDB - 21263

OSVDB - 21262

MISC - http://pridels0.blogspot.com/2005/11/wsn-knowledge-base-sql-inj-vuln.html


Last Updated: 27 May 2016 10:41:07