CVE-2005-0996 : Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitra

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function.

Published 2005-05-02 04:00:00

Updated 2016-10-18 03:16:19

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Exploit prediction scoring system (EPSS) score for CVE-2005-0996

Probability of exploitation activity in the next 30 days: 0.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-0996

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2005-0996

http://marc.info/?l=bugtraq&m=111289685724764&w=2

CVEs referencing this url

Products affected by CVE-2005-0996

Francisco Burzi » Php-nuke » Version: 7.6
cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-0996

Exploit prediction scoring system (EPSS) score for CVE-2005-0996

CVSS scores for CVE-2005-0996

References for CVE-2005-0996

Products affected by CVE-2005-0996