Vulnerabilities > CVE-2005-3305 - SQL Injection vulnerability in Nuked-Klan 1.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Nuked-Klan 1.7 Links Module link_id Parameter SQL Injection. CVE-2005-3305 . Webapps exploit for php platform id EDB-ID:26389 last seen 2016-02-03 modified 2005-10-24 published 2005-10-24 reporter papipsycho source https://www.exploit-db.com/download/26389/ title Nuked-Klan 1.7 Links Module link_id Parameter SQL Injection description Nuked-Klan 1.7 Download Module dl_id Parameter SQL Injection. CVE-2005-3305 . Webapps exploit for php platform id EDB-ID:26388 last seen 2016-02-03 modified 2005-10-24 published 2005-10-24 reporter papipsycho source https://www.exploit-db.com/download/26388/ title Nuked-Klan 1.7 Download Module dl_id Parameter SQL Injection
References
- http://marc.info/?l=bugtraq&m=113017972620427&w=2
- http://marc.info/?l=bugtraq&m=113019206306710&w=2
- http://marc.info/?l=bugtraq&m=113019342213796&w=2
- http://secunia.com/advisories/17304/
- http://www.nuked-klan.org/
- http://www.osvdb.org/20337
- http://www.osvdb.org/20338
- http://www.osvdb.org/20339
- http://www.osvdb.org/20340
- http://www.securityfocus.com/bid/15181
- http://www.vupen.com/english/advisories/2005/2189
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22847