Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4495

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4495
Last Modified 08 Aug 2011 12:00:00
Published 22 Dec 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4495

Summary

** DISPUTED ** SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax.

Vulnerable Systems

Application

  • Spiremedia Mx7


References

VUPEN - ADV-2005-3053

BID - 16039

OSVDB - 22066

MISC - http://pridels0.blogspot.com/2005/12/spiremedia-cms-sql-inj-vuln.html


Last Updated: 27 May 2016 10:41:19