Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-4159
Last Modified: 05 Sep 2008 04:56:12
Published: 11 Dec 2005 06:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-4159

Summary

** DISPUTED ** NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor.

Vulnerable Systems

Application

  • Simple Machines Forum 1.1 Rc1


References

XF - smf-memberlist-sql-injection(23546)

BID - 15791

BUGTRAQ - 20051213 Re: Re: Re: [KAPDA::#16] - SMF SQL Injection

BUGTRAQ - 20051211 Re: Re: [KAPDA::#16] - SMF SQL Injection

BUGTRAQ - 20051210 Re: [KAPDA::#16] - SMF SQL Injection

BUGTRAQ - 20051209 [KAPDA::#16] - SMF SQL Injection

BUGTRAQ - 20051209 SMF SQL Injection


Last Updated: 27 May 2016 10:41:12