CVE-2005-2432

SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=112258115325054&w=2
http://marc.info/?l=bugtraq&m=112291396731712&w=2
http://secunia.com/advisories/16274	Vendor Advisory
http://securitytracker.com/id?1014607
http://www.osvdb.org/18316
http://www.securityfocus.com/bid/14403
https://exchange.xforce.ibmcloud.com/vulnerabilities/21576
http://marc.info/?l=bugtraq&m=112258115325054&w=2
http://marc.info/?l=bugtraq&m=112291396731712&w=2
http://secunia.com/advisories/16274	Vendor Advisory
http://securitytracker.com/id?1014607
http://www.osvdb.org/18316
http://www.securityfocus.com/bid/14403
https://exchange.xforce.ibmcloud.com/vulnerabilities/21576

Configurations

Configuration 1 (hide)

cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:59

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=112258115325054&w=2 -~~	() http://marc.info/?l=bugtraq&m=112258115325054&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=112291396731712&w=2 -~~	() http://marc.info/?l=bugtraq&m=112291396731712&w=2 -
References	~~() http://secunia.com/advisories/16274 - Vendor Advisory~~	() http://secunia.com/advisories/16274 - Vendor Advisory
References	~~() http://securitytracker.com/id?1014607 -~~	() http://securitytracker.com/id?1014607 -
References	~~() http://www.osvdb.org/18316 -~~	() http://www.osvdb.org/18316 -
References	~~() http://www.securityfocus.com/bid/14403 -~~	() http://www.securityfocus.com/bid/14403 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/21576 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/21576 -

Information

Published : 2005-08-03 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-2432

Mitre link : CVE-2005-2432

CVE.ORG link : CVE-2005-2432

JSON object : View

Products Affected

tincan

phplist

CWE

NVD-CWE-Other

{"id": "CVE-2005-2432", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-08-03T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=112258115325054&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=112291396731712&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/16274", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014607", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18316", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14403", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21576", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=112258115325054&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=112291396731712&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/16274", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1014607", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18316", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/14403", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21576", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin."}, {"lang": "es", "value": "Vulerabilidad de inyecci\u00f3n de SQL en PhpList permite que atacantes remotos modifiquen sentencias SQL mediante el argumento id en las p\u00e1ginas de administraci\u00f3, tales como \"members\" o \"admin\"."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35D81DDB-41DD-406E-85A1-49B739B519E4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10