CVE-2005-0292

Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html	Exploit Vendor Advisory
http://www.securityfocus.com/archive/1/392485	Patch Vendor Advisory
http://www.securityfocus.com/bid/12289	Patch Vendor Advisory
http://secunia.com/advisories/13873	Vendor Advisory
http://securitytracker.com/id?1012910
http://marc.info/?l=bugtraq&m=110599710017066&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18925

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:php_gift_registry:phpgiftreg:1.4:*:*:*:*:*:*:*

Information

Published : 2005-01-16 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-0292

Mitre link : CVE-2005-0292

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

php_gift_registry

phpgiftreg

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html", "name": "20050116 phpGiftReq SQL Injection", "tags": ["Exploit", "Vendor Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.securityfocus.com/archive/1/392485", "name": "20050307 Re: phpGiftReq SQL Injection", "tags": ["Patch", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/12289", "name": "12289", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/13873", "name": "13873", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1012910", "name": "1012910", "tags": [], "refsource": "SECTRACK"}, {"url": "http://marc.info/?l=bugtraq&m=110599710017066&w=2", "name": "20050116 phpGiftReq SQL Injection", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18925", "name": "phpgiftregistry-sql-injection(18925)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0292", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-01-17T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php_gift_registry:phpgiftreg:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}