7.5

CVE-2005-4223

EPSS 1.34%
Veröffentlicht 14.12.2005 11:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Utopia Software ≫ Utopia News Pro Version1.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.34%	0.782

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://glide.stanford.edu/yichen/research/sec.pdf

http://www.securityfocus.com/archive/1/419280/100/0/threaded

http://secunia.com/advisories/17988/

Patch

Vendor Advisory

http://www.osvdb.org/21645

Patch

http://www.osvdb.org/21646

Patch

http://www.osvdb.org/21647

Patch

http://www.osvdb.org/21648

Patch

http://www.osvdb.org/21649

Patch

http://www.securityfocus.com/archive/1/419487/100/0/threaded

http://www.vupen.com/english/advisories/2005/2859

https://exchange.xforce.ibmcloud.com/vulnerabilities/23564

https://nvd.nist.gov/vuln/detail/CVE-2005-4223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4223

EUVD