NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2005-4486

Summary	SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp
Publication Date	Dec. 22, 2005, 8:03 p.m.
Registration Date	Jan. 29, 2021, 5:59 p.m.
Last Update	Aug. 8, 2024, 9:15 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:quantum_art:qp7_enterprise::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.securityfocus.com/bid/16022	BID	Exploit
2	http://www.osvdb.org/22069	OSVDB
3	http://www.osvdb.org/22070	OSVDB
4	http://pridels0.blogspot.com/2005/12/qp7enterprise-sql-vuln.html	MISC

Common Vulnerabilities List