CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-3853

HIGH
7.5
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile22.11th
Published2005年11月27日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.

Affected Platforms (CPE)

📦
Solucija

Snews

<= 1.3
📦
Solucija

Snews

= 1.2

References & Advisories

🔗 http://pridels0.blogspot.com/2005/11/snews-13-sql-injection.html
🔗 http://secunia.com/advisories/17688
🔗 http://www.osvdb.org/21093
🔗 http://www.vupen.com/english/advisories/2005/2585
🔗 http://pridels0.blogspot.com/2005/11/snews-13-sql-injection.html
🔗 http://secunia.com/advisories/17688
🔗 http://www.osvdb.org/21093
🔗 http://www.vupen.com/english/advisories/2005/2585

相關漏洞威脅

CVE-2007-026110.0

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform u...

CVE-2016-200529.8

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files i...

CVE-2007-48419.3

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrar...

CVE-2007-40427.5

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NUL...