Vulnerability Details : CVE-2005-4495
SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax.
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2005-4495
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~62%
CVSS scores for CVE-2005-4495
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2005-4495
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-4495
- http://pridels0.blogspot.com/2005/12/spiremedia-cms-sql-inj-vuln.html
- http://www.vupen.com/english/advisories/2005/3053 (Vendor Advisory)
- http://www.osvdb.org/22066
- http://www.securityfocus.com/bid/16039
Products affected by CVE-2005-4495
- cpe:2.3:a:spiremedia:mx7:*:*:*:*:*:*:*:*