Vulnerabilities > CVE-2005-3938 - SQL Injection vulnerability in Softbiz FAQ

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

softbiz

exploit available

NVD

Published: 2005-12-01

Updated: 2009-10-09

Summary

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.

Vulnerable Configurations

Part	Description	Count
Application	Softbiz Softbiz FAQ *	1

Exploit-Db

description	SoftBiz FAQ 1.1 faq_qanda.php id Parameter SQL Injection. CVE-2005-3938. Webapps exploit for php platform
id	EDB-ID:26674
last seen	2016-02-03
modified	2005-11-30
published	2005-11-30
reporter	r0t
source	https://www.exploit-db.com/download/26674/
title	SoftBiz FAQ 1.1 faq_qanda.php id Parameter SQL Injection

description	SoftBiz FAQ 1.1 refer_friend.php id Parameter SQL Injection. CVE-2005-3938. Webapps exploit for php platform
id	EDB-ID:26675
last seen	2016-02-03
modified	2005-11-30
published	2005-11-30
reporter	r0t
source	https://www.exploit-db.com/download/26675/
title	SoftBiz FAQ 1.1 refer_friend.php id Parameter SQL Injection

description	SoftBiz FAQ 1.1 add_comment.php id Parameter SQL Injection. CVE-2005-3938. Webapps exploit for php platform
id	EDB-ID:26677
last seen	2016-02-03
modified	2005-11-30
published	2005-11-30
reporter	r0t
source	https://www.exploit-db.com/download/26677/
title	SoftBiz FAQ 1.1 add_comment.php id Parameter SQL Injection

description	SoftBiz FAQ 1.1 index.php cid Parameter SQL Injection. CVE-2005-3938. Webapps exploit for php platform
id	EDB-ID:26673
last seen	2016-02-03
modified	2005-11-30
published	2005-11-30
reporter	r0t
source	https://www.exploit-db.com/download/26673/
title	SoftBiz FAQ 1.1 index.php cid Parameter SQL Injection

description	SoftBiz FAQ 1.1 print_article.php id Parameter SQL Injection. CVE-2005-3938. Webapps exploit for php platform
id	EDB-ID:26676
last seen	2016-02-03
modified	2005-11-30
published	2005-11-30
reporter	r0t
source	https://www.exploit-db.com/download/26676/
title	SoftBiz FAQ 1.1 print_article.php id Parameter SQL Injection

Summary

Vulnerable Configurations

Exploit-Db

References