CVE-2005-3864 : SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQ

SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2.

Published 2005-11-29 11:03:00

Updated 2011-03-08 02:27:18

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Exploit prediction scoring system (EPSS) score for CVE-2005-3864

Probability of exploitation activity in the next 30 days: 11.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-3864

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-3864

Products affected by CVE-2005-3864

Berlios » Sourcewell
Versions up to, including, (<=) 1.1.2
cpe:2.3:a:berlios:sourcewell:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-3864

Exploit prediction scoring system (EPSS) score for CVE-2005-3864

CVSS scores for CVE-2005-3864

References for CVE-2005-3864

Products affected by CVE-2005-3864