Vulnerability Description
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpwordpress | Php News And Article Manager | 3.0 |
References
- http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181
- http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html
- http://secunia.com/advisories/17733 (Vendor Advisory)
- http://www.osvdb.org/21110
- http://www.securityfocus.com/bid/15582
- http://www.vupen.com/english/advisories/2005/2594
FAQ
What is CVE-2005-3844?
CVE-2005-3844 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3...
How severe is CVE-2005-3844?
CVE-2005-3844 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-3844?
Check the references section above for vendor advisories and patch information. Affected products include: Phpwordpress Php News And Article Manager.