Vulnerability Description
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softbizscripts | Web Hosting Directory Script | <= 1.1 |
Related Weaknesses (CWE)
References
- http://pridels0.blogspot.com/2005/11/web-host-directory-script-multiple.html (Broken Link)
- http://secunia.com/advisories/17724 (Third Party Advisory)
- http://www.osvdb.org/21079 (Broken Link)
- http://www.osvdb.org/21080 (Broken Link)
- http://www.osvdb.org/21081 (Broken Link)
- http://www.osvdb.org/21082 (Broken Link)
- http://www.osvdb.org/21083 (Broken Link)
- http://www.securityfocus.com/bid/15561 (Broken Link)
- http://www.vupen.com/english/advisories/2005/2557 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23208 (Third Party Advisory)
FAQ
What is CVE-2005-3817?
CVE-2005-3817 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2)...
How severe is CVE-2005-3817?
CVE-2005-3817 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3817?
Check the references section above for vendor advisories and patch information. Affected products include: Softbizscripts Web Hosting Directory Script.