nvd-json-data-feeds/CVE-2005/CVE-2005-24xx/CVE-2005-2415.json

{
  "id": "CVE-2005-2415",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2005-08-03T04:00:00.000",
  "lastModified": "2017-07-11T01:32:49.720",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de SQL en Contrexx anterior a la 1.0.5 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el par\u00e1metro \"value\" al m\u00f3dulo poll o el par\u00e1metro \"pld\" al m\u00f3dulo gallery"
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": true,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:astalavista_it_engineering:contrexx:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.0.4",
              "matchCriteriaId": "3B18553E-DB63-4EB4-96AC-FA93E9F11B7A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://marc.info/?l=bugtraq&m=112206702015439&w=2",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://securitytracker.com/id?1014554",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.hardened-php.net/advisory_112005.59.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/14352",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21482",
      "source": "cve@mitre.org"
    }
  ]
}