CVE-2005-4232

** DISPUTED ** SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/15848
http://secunia.com/advisories/18007	Vendor Advisory
http://www.osvdb.org/21687
http://pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html
http://www.vupen.com/english/advisories/2005/2879	Vendor Advisory
http://www.attrition.org/pipermail/vim/2006-August/000972.html

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:jamit:jamit_job_board:*:*:*:*:*:*:*:*

Information

Published : 2005-12-14 03:03

Updated : 2012-12-12 18:46

NVD link : CVE-2005-4232

Mitre link : CVE-2005-4232

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

Products Affected

jamit

jamit_job_board

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/15848", "name": "15848", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18007", "name": "18007", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/21687", "name": "21687", "tags": [], "refsource": "OSVDB"}, {"url": "http://pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html", "name": "http://pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2005/2879", "name": "ADV-2005-2879", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.attrition.org/pipermail/vim/2006-August/000972.html", "name": "20060814 vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd)", "tags": [], "refsource": "VIM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "** DISPUTED ** SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying \"The vulnerability is without any basis and did not actually work.\" CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-4232", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-12-14T11:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jamit:jamit_job_board:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.4.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-12-13T02:46Z"}