CVE-2005-0292

Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html	Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=110599710017066&w=2
http://secunia.com/advisories/13873	Vendor Advisory
http://securitytracker.com/id?1012910
http://www.securityfocus.com/archive/1/392485	Patch Vendor Advisory
http://www.securityfocus.com/bid/12289	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18925
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html	Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=110599710017066&w=2
http://secunia.com/advisories/13873	Vendor Advisory
http://securitytracker.com/id?1012910
http://www.securityfocus.com/archive/1/392485	Patch Vendor Advisory
http://www.securityfocus.com/bid/12289	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18925

Configurations

Configuration 1 (hide)

cpe:2.3:a:php_gift_registry:phpgiftreg:1.4:*:*:*:*:*:*:*

History

20 Nov 2024, 23:54

Type	Values Removed	Values Added
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html - Exploit, Vendor Advisory~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html - Exploit, Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=110599710017066&w=2 -~~	() http://marc.info/?l=bugtraq&m=110599710017066&w=2 -
References	~~() http://secunia.com/advisories/13873 - Vendor Advisory~~	() http://secunia.com/advisories/13873 - Vendor Advisory
References	~~() http://securitytracker.com/id?1012910 -~~	() http://securitytracker.com/id?1012910 -
References	~~() http://www.securityfocus.com/archive/1/392485 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/archive/1/392485 - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/12289 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/12289 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/18925 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/18925 -

Information

Published : 2005-01-17 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-0292

Mitre link : CVE-2005-0292

CVE.ORG link : CVE-2005-0292

JSON object : View

Products Affected

php_gift_registry

phpgiftreg

CWE

NVD-CWE-Other

7.5 /10