Vulnerability Details : CVE-2005-4232
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2005-4232
Probability of exploitation activity in the next 30 days: 0.51%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 %
CVSS scores for CVE-2005-4232
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2005-4232
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-4232
- http://www.vupen.com/english/advisories/2005/2879 (Vendor Advisory)
- http://www.osvdb.org/21687
- http://pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html
- http://www.attrition.org/pipermail/vim/2006-August/000972.html
  [VIM] vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd)
- http://secunia.com/advisories/18007 (Vendor Advisory)
- http://www.securityfocus.com/bid/15848
Products affected by CVE-2005-4232
- cpe:2.3:a:jamit:jamit_job_board:*:*:*:*:*:*:*:*