CVE-2005-0413

CVSS V2 High 7.5 CVSS V3 None
Description
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
Overview
  • CVE ID
  • CVE-2005-0413
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2005-04-27T04:00:00
  • Last Modified Date
  • 2017-10-11T01:29:55
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:myphp_forum:myphp_forum:1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:myphp_forum:myphp_forum:2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:myphp_forum:myphp_forum:3.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://seclists.org/lists/bugtraq/2005/Feb/0125.html Exploit
http://securitytracker.com/id?1013136 Exploit Vendor Advisory
http://www.securityfocus.com/bid/12501
http://secunia.com/advisories/14205 Vendor Advisory
http://www.securityfocus.com/bid/27083
https://exchange.xforce.ibmcloud.com/vulnerabilities/39348
https://exchange.xforce.ibmcloud.com/vulnerabilities/19272
https://www.exploit-db.com/exploits/4822
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2005-0413
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0413
History
Created Old Value New Value Data Type Notes
2022-05-10 19:00:27 Added to TrackCVE