| Vulnerability Name: | CVE-2005-1804 (CCN-20832) | ||||||||
| Assigned: | 2005-05-29 | ||||||||
| Published: | 2005-05-29 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-1804 Source: CCN Type: SECTRACK ID: 1014073 NPDS Input Validation Holes in `glossaire` Module and Links Search Script Permit SQL Injection Source: SECTRACK Type: Patch, Vendor Advisory 1014073 Source: CONFIRM Type: Patch, Vendor Advisory http://www.npds.org/download.php?op=geninfo&did=115 Source: CCN Type: NPDS Web site Index - NPDS Source: CCN Type: OSVDB ID: 16925 NPDS Glossaire Module terme Parameter SQL Injection Source: CCN Type: OSVDB ID: 16926 NPDS links.php Query Parameter SQL Injection Source: CCN Type: BID-13803 NPDS Multiple Input Validation Vulnerabilities Source: XF Type: UNKNOWN npds-glossaire-links-sql-injection(20832) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||