CVE-2005-3978 - SQL Injection vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1/1.5.1/1.9.6.3
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Exploit-Db
Field | Value |
---|---|
description | NetClassifieds (SQL/XSS/Full Path) Multiple Remote Vulnerabilities. CVE-2005-3978. Webapps exploit for php platform |
id | EDB-ID:4092 |
last seen | 2016-01-31 |
modified | 2007-06-22 |
published | 2007-06-22 |
reporter | laurent gaffié |
source | https://www.exploit-db.com/download/4092/ |
title | netclassifieds sql/xss/full path Multiple Vulnerabilities |

Field | Value |
---|---|
description | NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 gallery.php CatID Parameter SQL Injection. CVE-2005-3978. Webapps exploit for php platform |
id | EDB-ID:26698 |
last seen | 2016-02-03 |
modified | 2005-12-02 |
published | 2005-12-02 |
reporter | r0t |
source | https://www.exploit-db.com/download/26698/ |
title | NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 gallery.php CatID Parameter SQL Injection |

Field | Value |
---|---|
description | NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 ViewItem.php ItemNum Parameter SQL Injection. CVE-2005-3978. Webapps exploit for php platform |
id | EDB-ID:26699 |
last seen | 2016-02-03 |
modified | 2005-12-02 |
published | 2005-12-02 |
reporter | r0t |
source | https://www.exploit-db.com/download/26699/ |
title | NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 ViewItem.php ItemNum Parameter SQL Injection |