CVE-2004-2340 - OpenCVE

** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the "PunkBuster Screenshot Database" and not "PunkBuster" itself; (2) there is no apparent association between PunkBuster and "Punky Brewster"; (3) the claimed source code is not anywhere in Alpha 6.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Even Balance	Punkbuster Database

Configuration 1 [-]

OR	cpe:2.3:a:even_balance:punkbuster_database:1.0_alpha:::::::*
	cpe:2.3:a:even_balance:punkbuster_database:2.0_alpha:::::::*
	cpe:2.3:a:even_balance:punkbuster_database:3.0_alpha:::::::*
	cpe:2.3:a:even_balance:punkbuster_database:4.0_alpha:::::::*
	cpe:2.3:a:even_balance:punkbuster_database:5.0_alpha:::::::*
	cpe:2.3:a:even_balance:punkbuster_database:6.0_alpha:::::::*

No data.

References

Link	Providers
http://securitytracker.com/id?1009145
http://www.osvdb.org/18981
http://www.securityfocus.com/archive/1/354453
http://www.securityfocus.com/bid/9697
https://exchange.xforce.ibmcloud.com/vulnerabilities/15267

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-16T04:00:00

Updated: 2024-08-08T01:22:13.657Z

Reserved: 2005-08-16T00:00:00

Link: CVE-2004-2340

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:31:48.653

Link: CVE-2004-2340

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the \"PunkBuster Screenshot Database\" and not \"PunkBuster\" itself; (2) there is no apparent association between PunkBuster and \"Punky Brewster\"; (3) the claimed source code is not anywhere in Alpha 6."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "9697", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9697"}, {"name": "punkbuster-login-sql-injection(15267)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15267"}, {"name": "1009145", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1009145"}, {"name": "20040219 PunkBuster SQL Injection Attack", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/354453"}, {"name": "18981", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18981"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2340", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the \"PunkBuster Screenshot Database\" and not \"PunkBuster\" itself; (2) there is no apparent association between PunkBuster and \"Punky Brewster\"; (3) the claimed source code is not anywhere in Alpha 6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "9697", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9697"}, {"name": "punkbuster-login-sql-injection(15267)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15267"}, {"name": "1009145", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1009145"}, {"name": "20040219 PunkBuster SQL Injection Attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/354453"}, {"name": "18981", "refsource": "OSVDB", "url": "http://www.osvdb.org/18981"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:22:13.657Z"}, "title": "CVE Program Container", "references": [{"name": "9697", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9697"}, {"name": "punkbuster-login-sql-injection(15267)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15267"}, {"name": "1009145", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1009145"}, {"name": "20040219 PunkBuster SQL Injection Attack", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/354453"}, {"name": "18981", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18981"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2340", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-08T01:22:13.657Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:even_balance:punkbuster_database:1.0_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "DED5F425-236F-4F71-8EF2-F7F5F61734E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:even_balance:punkbuster_database:2.0_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "0862F869-B918-4471-872D-CE653431C8E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:even_balance:punkbuster_database:3.0_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "31F73411-C8FB-408B-A30C-ADA3872F5639", "vulnerable": true}, {"criteria": "cpe:2.3:a:even_balance:punkbuster_database:4.0_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "51AC43A2-1372-47AB-98E8-B6D1E3C3125C", "vulnerable": true}, {"criteria": "cpe:2.3:a:even_balance:punkbuster_database:5.0_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "9CBD0326-C1D8-4A7E-9420-568CB285D9C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:even_balance:punkbuster_database:6.0_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "4552EF0B-E930-4558-867D-0793863DA25B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the \"PunkBuster Screenshot Database\" and not \"PunkBuster\" itself; (2) there is no apparent association between PunkBuster and \"Punky Brewster\"; (3) the claimed source code is not anywhere in Alpha 6."}], "id": "CVE-2004-2340", "lastModified": "2017-07-11T01:31:48.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1009145"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18981"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/354453"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9697"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15267"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}