Vulnerabilities > CVE-2005-3363 - Input Validation vulnerability in Saphp Saphplesson 1.1/2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit. CVE-2005-3363. Webapps exploit for php platform file exploits/php/webapps/1530.pl id EDB-ID:1530 last seen 2016-01-31 modified 2006-02-25 platform php port published 2006-02-25 reporter SnIpEr_SA source https://www.exploit-db.com/download/1530/ title SaphpLesson 2.0 forumid Remote SQL Injection Exploit type webapps description saphp Lesson add.php forumid Parameter SQL Injection. CVE-2005-3363 . Webapps exploit for php platform id EDB-ID:26390 last seen 2016-02-03 modified 2005-10-26 published 2005-10-26 reporter almaster source https://www.exploit-db.com/download/26390/ title saphp Lesson add.php forumid Parameter SQL Injection
References
- http://marc.info/?l=bugtraq&m=113018965520240&w=2
- http://secunia.com/advisories/17308/
- http://securityreason.com/securityalert/111
- http://www.attrition.org/pipermail/vim/2005-October/000313.html
- http://www.osvdb.org/20289
- http://www.osvdb.org/20290
- http://www.securityfocus.com/archive/1/430906/30/5610/threaded
- http://www.securityfocus.com/archive/1/440120/100/0/threaded
- http://www.securityfocus.com/archive/1/472799/100/0/threaded
- http://www.securityfocus.com/bid/15185
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27746
- https://www.exploit-db.com/exploits/1530