Vulnerability Details CVE-2005-0292
Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html
- http://marc.info/?l=bugtraq&m=110599710017066&w=2
- http://secunia.com/advisories/13873
- http://securitytracker.com/id?1012910
- http://www.securityfocus.com/archive/1/392485
- http://www.securityfocus.com/bid/12289
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18925
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html
- http://marc.info/?l=bugtraq&m=110599710017066&w=2
- http://secunia.com/advisories/13873
- http://securitytracker.com/id?1012910
- http://www.securityfocus.com/archive/1/392485
- http://www.securityfocus.com/bid/12289
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18925
Products affected by CVE-2005-0292
-
cpe:2.3:a:php_gift_registry:phpgiftreg:1.4