CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-4527

Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.html
http://www.osvdb.org/21854
http://www.osvdb.org/22340
http://www.securityfocus.com/bid/15957/
https://exchange.xforce.ibmcloud.com/vulnerabilities/23727
http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.html
http://www.osvdb.org/21854
http://www.osvdb.org/22340
http://www.securityfocus.com/bid/15957/
https://exchange.xforce.ibmcloud.com/vulnerabilities/23727

Products affected by CVE-2005-4527

Direct News » Direct News » Version: 4.9

cpe:2.3:a:direct_news:direct_news:4.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4527

Products

Pricing

Contact Us