7.5

CVE-2005-3868

Exploit

EPSS 0.63%
Veröffentlicht 29.11.2005 11:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Turn-k ≫ K-search Version <= 1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.63%	0.693

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://pridels0.blogspot.com/2005/11/k-search-multiple-vuln.html

http://secunia.com/advisories/17719

Vendor Advisory

http://www.exploit-db.com/exploits/13993

http://www.osvdb.org/21127

http://www.securityfocus.com/bid/15588

Exploit

http://www.vupen.com/english/advisories/2005/2616

https://nvd.nist.gov/vuln/detail/CVE-2005-3868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3868

EUVD