PT-2005-4679 · Wsn · Wsn Knowledge Base

Published

2005-12-01

Updated

2008-10-03

CVE-2005-3939

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WSN Knowledge Base versions 1.2.0 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different files, including catid, perpage, ascdesc, and orderlinks in a displaycat action in index.php, and the id parameter in comments.php and memberlist.php.

Recommendations For WSN Knowledge Base versions 1.2.0 and earlier, as a temporary workaround, consider restricting access to the displaycat action in index.php and the id parameter in comments.php and memberlist.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3939

Affected Products

Wsn Knowledge Base

PT-2005-4679 · Wsn · Wsn Knowledge Base

CVE-2005-3939

Related Identifiers

Affected Products

References · 11