Vulnerability Details CVE-2005-1875
Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=111773894525119&w=2
- http://photography-on-the.net/forum/showthread.php?p=579692
- http://secunia.com/advisories/15583
- http://www.osvdb.org/17006
- http://www.securityfocus.com/bid/13844
- http://marc.info/?l=bugtraq&m=111773894525119&w=2
- http://photography-on-the.net/forum/showthread.php?p=579692
- http://secunia.com/advisories/15583
- http://www.osvdb.org/17006
- http://www.securityfocus.com/bid/13844
Products affected by CVE-2005-1875
-
cpe:2.3:a:exhibit_engine:exhibit_engine:1.22
-
cpe:2.3:a:exhibit_engine:exhibit_engine:1.54_rc4