CVE-2005-3871

Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/15590
http://secunia.com/advisories/17727	Vendor Advisory
http://www.osvdb.org/21148
http://www.osvdb.org/21149
http://www.osvdb.org/21150
http://www.osvdb.org/21151
http://pridels0.blogspot.com/2005/11/jbb-sql-inj-vuln.html
http://www.vupen.com/english/advisories/2005/2620

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:jbb:jbb:*:*:*:*:*:*:*:*

Information

Published : 2005-11-29 03:03

Updated : 2011-03-07 18:27

NVD link : CVE-2005-3871

Mitre link : CVE-2005-3871

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

jbb

jbb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/15590", "name": "15590", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/17727", "name": "17727", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/21148", "name": "21148", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/21149", "name": "21149", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/21150", "name": "21150", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/21151", "name": "21151", "tags": [], "refsource": "OSVDB"}, {"url": "http://pridels0.blogspot.com/2005/11/jbb-sql-inj-vuln.html", "name": "http://pridels0.blogspot.com/2005/11/jbb-sql-inj-vuln.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2005/2620", "name": "ADV-2005-2620", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3871", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-11-29T11:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jbb:jbb:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.9.9_rc3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:27Z"}