Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3952
Last Modified 05 Aug 2011 12:00:00
Published 01 Dec 2005 01:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3952

Summary

SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: a later disclosure reported the affected version as 1.0.

Vulnerable Systems

Application

  • PHP Labs Top Auction 1.0


References

VUPEN - ADV-2005-2552

BID - 15547

BUGTRAQ - 20070421 Re: Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection // starhack.org

BUGTRAQ - 20070421 Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection // starhack.org

OSVDB - 21106

OSVDB - 21105

MILW0RM - 3456

SECUNIA - 17687

MISC - http://pridels0.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html


Last Updated: 27 May 2016 10:41:07