Vulnerabilities > CVE-2005-3305 - SQL Injection vulnerability in Nuked-Klan 1.7

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
nuked-klan
exploit available

Summary

Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file.

Vulnerable Configurations

Part Description Count
Application
Nuked-Klan
1

Exploit-Db

  • descriptionNuked-Klan 1.7 Links Module link_id Parameter SQL Injection. CVE-2005-3305 . Webapps exploit for php platform
    idEDB-ID:26389
    last seen2016-02-03
    modified2005-10-24
    published2005-10-24
    reporterpapipsycho
    sourcehttps://www.exploit-db.com/download/26389/
    titleNuked-Klan 1.7 Links Module link_id Parameter SQL Injection
  • descriptionNuked-Klan 1.7 Download Module dl_id Parameter SQL Injection. CVE-2005-3305 . Webapps exploit for php platform
    idEDB-ID:26388
    last seen2016-02-03
    modified2005-10-24
    published2005-10-24
    reporterpapipsycho
    sourcehttps://www.exploit-db.com/download/26388/
    titleNuked-Klan 1.7 Download Module dl_id Parameter SQL Injection