CVE Vulnerabilities

CVE-2005-2561

Published: Aug 16, 2005 | Modified: Nov 20, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3.

Affected Software

Name Vendor Start Version End Version
Myfaq Myfaq 1.0 (including) 1.0 (including)

References