CVE-2005-2575 : SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands

SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable.

Published 2005-08-16 04:00:00

Updated 2021-04-29 15:15:10

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Exploit prediction scoring system (EPSS) score for CVE-2005-2575

Probability of exploitation activity in the next 30 days: 0.32%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-2575

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

Vendor statements for CVE-2005-2575

XMB 2021-04-23

XMB versions 1.9.8 and later were checked and are not vulnerable. Upgrades are available at https://www.xmbforum2.com/

References for CVE-2005-2575

http://www.securityfocus.com/bid/14523
https://docs.xmbforum2.com/index.php?title=Security_Issue_History

Security Issue History - XMBdocs

CVEs referencing this url
http://marc.info/?l=bugtraq&m=112361545228809&w=2

CVEs referencing this url

Products affected by CVE-2005-2575

Xmb Forum » XMB » Version: 1.9.1
cpe:2.3:a:xmb_forum:xmb:1.9.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-2575

Exploit prediction scoring system (EPSS) score for CVE-2005-2575

CVSS scores for CVE-2005-2575

Vendor statements for CVE-2005-2575

References for CVE-2005-2575

Products affected by CVE-2005-2575