6.4

CVE-2005-2468

Exploit
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MysqlEventum Version1.1
MysqlEventum Version1.2
MysqlEventum Version1.2.2
MysqlEventum Version1.3
MysqlEventum Version1.3.1
MysqlEventum Version1.4
MysqlEventum Version1.5.4
MysqlEventum Version1.5.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.04% 0.788
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.mysql.com/eventum-users/2072
Patch
http://marc.info/?l=bugtraq&m=112292193807958&w=2
http://secunia.com/advisories/16304
Patch
Vendor Advisory
http://securitytracker.com/id?1014603
Patch
Exploit
http://www.gulftech.org/?node=research&article_id=00093-07312005
Exploit
http://www.vupen.com/english/advisories/2005/1287
http://www.osvdb.org/18403
Patch
Exploit
http://www.osvdb.org/18404
Patch
Exploit
http://www.osvdb.org/18405
Patch
Exploit
http://www.osvdb.org/18406
Patch
Exploit
http://www.securityfocus.com/bid/14437
Exploit