CVE-2005-4719 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sysbotz	Systems Panel

Configuration 1 [-]

cpe:2.3:a:sysbotz:systems_panel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html
http://www.osvdb.org/21320
http://www.osvdb.org/21321
http://www.osvdb.org/21322
http://www.osvdb.org/21323
http://www.osvdb.org/21324
http://www.osvdb.org/21325

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-15T11:00:00

Updated: 2024-08-07T23:53:28.975Z

Reserved: 2006-02-15T00:00:00

Link: CVE-2005-4719

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-31T05:00:00.000

Modified: 2024-11-21T00:05:00.693

Link: CVE-2005-4719

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-09-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21325", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21325"}, {"name": "21321", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21321"}, {"tags": ["x_refsource_MISC"], "url": "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html"}, {"name": "21320", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21320"}, {"name": "21322", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21322"}, {"name": "21323", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21323"}, {"name": "21324", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21324"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4719", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21325", "refsource": "OSVDB", "url": "http://www.osvdb.org/21325"}, {"name": "21321", "refsource": "OSVDB", "url": "http://www.osvdb.org/21321"}, {"name": "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html"}, {"name": "21320", "refsource": "OSVDB", "url": "http://www.osvdb.org/21320"}, {"name": "21322", "refsource": "OSVDB", "url": "http://www.osvdb.org/21322"}, {"name": "21323", "refsource": "OSVDB", "url": "http://www.osvdb.org/21323"}, {"name": "21324", "refsource": "OSVDB", "url": "http://www.osvdb.org/21324"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:53:28.975Z"}, "title": "CVE Program Container", "references": [{"name": "21325", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21325"}, {"name": "21321", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21321"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html"}, {"name": "21320", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21320"}, {"name": "21322", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21322"}, {"name": "21323", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21323"}, {"name": "21324", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21324"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4719", "datePublished": "2006-02-15T11:00:00", "dateReserved": "2006-02-15T00:00:00", "dateUpdated": "2024-08-07T23:53:28.975Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysbotz:systems_panel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC052448-35A0-4D4A-8C0A-76A32AF463DC", "versionEndIncluding": "1.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php."}], "id": "CVE-2005-4719", "lastModified": "2024-11-21T00:05:00.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/21320"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/21321"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/21322"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/21323"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/21324"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/21325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/21320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/21321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/21322"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/21323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/21324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/21325"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}