Vulnerabilities > CVE-2005-4702 - Remote SQL Injection vulnerability in Ipbproarcade 2.5.2

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ipbproarcade

exploit available

NVD

Published: 2005-12-31

Updated: 2008-09-05

Summary

SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430.

Vulnerable Configurations

Part	Description	Count
Application	Ipbproarcade Ipbproarcade Ipbproarcade 2.5.2	1

Exploit-Db

description	IPBProArcade 2.5.2 GameID Parameter Remote SQL Injection Vulnerability. CVE-2005-4702. Webapps exploit for php platform
id	EDB-ID:26397
last seen	2016-02-03
modified	2005-10-26
published	2005-10-26
reporter	almaster
source	https://www.exploit-db.com/download/26397/
title	IPBProArcade 2.5.2 GameID Parameter Remote SQL Injection Vulnerability

References

http://www.securityfocus.com/bid/15205