CVE-2005-1287

Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.digitalparadox.org/advisories/bkdev.txt	Exploit
http://secunia.com/advisories/15072
http://securitytracker.com/id?1013793	Exploit
http://www.osvdb.org/15784
http://www.osvdb.org/15785
http://www.osvdb.org/15786
http://marc.info/?l=bugtraq&m=111428133317901&w=2
http://www.securityfocus.com/archive/1/431863/100/0/threaded
http://www.securityfocus.com/archive/1/431659/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:bk_dev:bk_forum:*:*:*:*:*:*:*:*

Information

Published : 2005-04-22 21:00

Updated : 2018-10-19 08:31

NVD link : CVE-2005-1287

Mitre link : CVE-2005-1287

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

bk_dev

bk_forum

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.digitalparadox.org/advisories/bkdev.txt", "name": "http://www.digitalparadox.org/advisories/bkdev.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/15072", "name": "15072", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1013793", "name": "1013793", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://www.osvdb.org/15784", "name": "15784", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/15785", "name": "15785", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/15786", "name": "15786", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=bugtraq&m=111428133317901&w=2", "name": "20050423 Multiple Sql injection vulnerabilities in BK Forum v.4", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/431863/100/0/threaded", "name": "20060423 BK Forum <= 4.0 Remote SQL Injection", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/431659/100/0/threaded", "name": "20060421 BK Forum <<--V.4.0 SQL Injection", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1287", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-04-23T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bk_dev:bk_forum:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:31Z"}