Vulnerability Description
Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enterprise Heart | Enterprise Connector | <= 1.0.2 |
References
- http://pridels0.blogspot.com/2005/11/enterprise-connector-sql-inj-vuln.html
- http://secunia.com/advisories/17743Vendor Advisory
- http://www.osvdb.org/21141
- http://www.osvdb.org/21142
- http://www.securityfocus.com/bid/15578
- http://www.vupen.com/english/advisories/2005/2602
- http://pridels0.blogspot.com/2005/11/enterprise-connector-sql-inj-vuln.html
- http://secunia.com/advisories/17743Vendor Advisory
- http://www.osvdb.org/21141
- http://www.osvdb.org/21142
- http://www.securityfocus.com/bid/15578
- http://www.vupen.com/english/advisories/2005/2602
FAQ
What is CVE-2005-3875?
CVE-2005-3875 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete ac...
How severe is CVE-2005-3875?
CVE-2005-3875 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3875?
Check the references section above for vendor advisories and patch information. Affected products include: Enterprise Heart Enterprise Connector.