CVE-2005-4408 - Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to e

CVE-2005-4408

Summary

Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.

References

http://pridels0.blogspot.com/2005/12/miraserver-sql-vuln.html
http://secunia.com/advisories/18110
http://www.osvdb.org/21836
http://www.osvdb.org/21837
http://www.osvdb.org/21838
http://www.securityfocus.com/bid/15960

Vulnerable Configurations

cpe:2.3:a:pc_media:miraserver:*:*:*:*:*:*:*:*
cpe:2.3:a:pc_media:miraserver:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-09-2008 - 04:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15960
misc	http://pridels0.blogspot.com/2005/12/miraserver-sql-vuln.html
osvdb	21836 21837 21838
secunia	18110

Last major update

20-09-2008 - 04:43

Published

20-12-2005 - 11:03

Last modified

20-09-2008 - 04:43