Vulnerabilities > CVE-2005-3844 - SQL Injection vulnerability in PHPwordpress PHP News and Article Manager 3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

phpwordpress

exploit available

NVD

Published: 2005-11-26

Updated: 2011-03-08

Summary

SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.

Vulnerable Configurations

Part	Description	Count
Application	Phpwordpress Phpwordpress PHP News AND Article Manager 3.0	1

Exploit-Db

description	PHPWordPress 3.0 Multiple SQL Injection Vulnerabilities. CVE-2005-3844. Webapps exploit for php platform
id	EDB-ID:26608
last seen	2016-02-03
modified	2005-11-28
published	2005-11-28
reporter	r0t
source	https://www.exploit-db.com/download/26608/
title	PHPWordPress 3.0 - Multiple SQL Injection Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References