CVE-2005-3953 - Vulnerability Details - OpenCVE

SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bedeng Psp	Bedeng Psp

Configuration 1 [-]

cpe:2.3:a:bedeng_psp:bedeng_psp:1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html
http://secunia.com/advisories/17760
http://www.osvdb.org/21174
http://www.osvdb.org/21175
http://www.osvdb.org/21176
http://www.securityfocus.com/bid/15583

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-01T11:00:00

Updated: 2024-08-07T23:31:48.568Z

Reserved: 2005-12-01T00:00:00

Link: CVE-2005-3953

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-01T06:03:00.000

Modified: 2024-11-21T00:03:08.697

Link: CVE-2005-3953

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-12-08T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "15583", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15583"}, {"name": "17760", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17760"}, {"name": "21175", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21175"}, {"name": "21176", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21176"}, {"name": "21174", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21174"}, {"tags": ["x_refsource_MISC"], "url": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3953", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "15583", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15583"}, {"name": "17760", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17760"}, {"name": "21175", "refsource": "OSVDB", "url": "http://www.osvdb.org/21175"}, {"name": "21176", "refsource": "OSVDB", "url": "http://www.osvdb.org/21176"}, {"name": "21174", "refsource": "OSVDB", "url": "http://www.osvdb.org/21174"}, {"name": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:31:48.568Z"}, "title": "CVE Program Container", "references": [{"name": "15583", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15583"}, {"name": "17760", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17760"}, {"name": "21175", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21175"}, {"name": "21176", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21176"}, {"name": "21174", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21174"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3953", "datePublished": "2005-12-01T11:00:00", "dateReserved": "2005-12-01T00:00:00", "dateUpdated": "2024-08-07T23:31:48.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bedeng_psp:bedeng_psp:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE9BBE71-6FC0-4874-BC45-C3FD6CACB270", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php."}], "id": "CVE-2005-3953", "lastModified": "2024-11-21T00:03:08.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-01T06:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17760"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21174"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21175"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21176"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/15583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17760"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21175"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/15583"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}