CVE-2005-0413

{"id": "CVE-2005-0413", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-04-27T04:00:00.000", "references": [{"url": "http://seclists.org/lists/bugtraq/2005/Feb/0125.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/14205", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013136", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12501", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27083", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19272", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39348", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4822", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades por inyecci\u00f3n de SQL en MyPHP Forum 1.0 permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) el fid en forum.php, (2)el par\u00e1metro 'member' en member.php, (3)el par\u00e1metro 'email' en forgot.php, o (4) el par\u00e1metro 'nbuser' o el 'nbpass' en include.php.\r\nNOTA: posteriormente se inform\u00f3 de que existe el vector 2 en 3.0 y versiones anteriores.\r\n"}], "lastModified": "2017-10-11T01:29:55.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:myphp_forum:myphp_forum:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AF9BC75-9F03-4398-BC6B-7D02B1753B6B"}, {"criteria": "cpe:2.3:a:myphp_forum:myphp_forum:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7471B313-A6A2-4D1B-BE21-CB14A20F1400"}, {"criteria": "cpe:2.3:a:myphp_forum:myphp_forum:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B9CD454-EFE4-4F73-A25E-B9012DFCCAAC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}