Vulnerability Details: CVE-2005-2675
Note: the vendor has disputed this issue.
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected."
Vulnerability category: SQL Injection
Products affected by CVE-2005-2675
- cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2675
- 0.23%: Probability of exploitation activity in the next 30 days
- ~61%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-2675
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2005-2675
- http://securitytracker.com/id?1014747 (securitytracker.com, Exploit)
- http://www.neocrome.net
- http://www.securityfocus.com/bid/14618 (Exploit)
- http://marc.info/?l=bugtraq&m=112456235729717&w=2 ('Bugs Land Down Under v800' - MARC)