Vulnerabilities > CVE-2005-3868 - SQL Injection vulnerability in K-Search
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description K-Search (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2010-2457. Webapps exploit for php platform file exploits/php/webapps/13993.txt id EDB-ID:13993 last seen 2016-02-01 modified 2010-06-22 platform php port published 2010-06-22 reporter Sangteamtham source https://www.exploit-db.com/download/13993/ title k-search sql/XSS Multiple Vulnerabilities type webapps description K-Search 1.0 SQL Injection Vulnerabilities. CVE-2005-3868. Webapps exploit for php platform id EDB-ID:26619 last seen 2016-02-03 modified 2005-11-28 published 2005-11-28 reporter r0t source https://www.exploit-db.com/download/26619/ title K-Search 1.0 - SQL Injection Vulnerabilities