{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-01-17T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2005-2594", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2594"}, {"tags": ["x_refsource_MISC"], "url": "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html"}, {"name": "17733", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17733"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181"}, {"name": "15582", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15582"}, {"name": "21110", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21110"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3844", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2005-2594", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2594"}, {"name": "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html"}, {"name": "17733", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17733"}, {"name": "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181", "refsource": "CONFIRM", "url": "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181"}, {"name": "15582", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15582"}, {"name": "21110", "refsource": "OSVDB", "url": "http://www.osvdb.org/21110"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:24:36.556Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2005-2594", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2594"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html"}, {"name": "17733", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17733"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181"}, {"name": "15582", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15582"}, {"name": "21110", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21110"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3844", "datePublished": "2005-11-26T22:00:00", "dateReserved": "2005-11-26T00:00:00", "dateUpdated": "2024-08-07T23:24:36.556Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpwordpress:php_news_and_article_manager:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "45C863F2-9E29-4711-A5D3-62335093DEED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action."}], "id": "CVE-2005-3844", "lastModified": "2011-03-08T02:27:15.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-11-26T22:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181"}, {"source": "cve@mitre.org", "url": "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17733"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21110"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15582"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2594"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}