Vulnerability Details CVE-2005-3646
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=113165036315035&w=2
- http://seclists.org/lists/bugtraq/2005/Nov/0189.html
- http://secunia.com/advisories/17464/
- http://secunia.com/advisories/17579
- http://securityreason.com/securityalert/171
- http://securityreason.com/securityalert/172
- http://securitytracker.com/id?1015193
- http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
- http://www.fitsec.com/advisories/FS-05-01.txt
- http://www.osvdb.org/20744
- http://www.osvdb.org/20745
- http://www.securityfocus.com/bid/15385/
- http://www.vupen.com/english/advisories/2005/2380
- http://www.zone-h.org/en/advisories/read/id=8413/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23044
- http://marc.info/?l=bugtraq&m=113165036315035&w=2
- http://seclists.org/lists/bugtraq/2005/Nov/0189.html
- http://secunia.com/advisories/17464/
- http://secunia.com/advisories/17579
- http://securityreason.com/securityalert/171
- http://securityreason.com/securityalert/172
- http://securitytracker.com/id?1015193
- http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
- http://www.fitsec.com/advisories/FS-05-01.txt
- http://www.osvdb.org/20744
- http://www.osvdb.org/20745
- http://www.securityfocus.com/bid/15385/
- http://www.vupen.com/english/advisories/2005/2380
- http://www.zone-h.org/en/advisories/read/id=8413/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23044
Products affected by CVE-2005-3646
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0.5
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0.6
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0.7_rc1
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6
-
cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30
-
cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09
-
cpe:2.3:a:phppgads:phppgads:2.0.6