Vulnerability Details CVE-2005-3844
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181
- http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html
- http://secunia.com/advisories/17733
- http://www.osvdb.org/21110
- http://www.securityfocus.com/bid/15582
- http://www.vupen.com/english/advisories/2005/2594
- http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181
- http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html
- http://secunia.com/advisories/17733
- http://www.osvdb.org/21110
- http://www.securityfocus.com/bid/15582
- http://www.vupen.com/english/advisories/2005/2594
Products affected by CVE-2005-3844
-
cpe:2.3:a:phpwordpress:php_news_and_article_manager:3.0