7.5
CVE-2005-0805
- EPSS 1.23%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:11:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Subdreamer ≫ Subdreamer Light Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.23% | 0.65 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://marc.info/?l=bugtraq&m=111116479910230&w=2
http://www.securityfocus.com/archive/1/437983/100/200/threaded
http://www.securityfocus.com/bid/12839
http://www.subdreamer.com/forum/showthread.php?t=2501