CVE: CVE-2003-0735 - CVE-Search

CVE Details for CVE: CVE-2003-0735

Summary

SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.

Timestamps
Last major update	18-10-2016 - 02:36
Published	20-10-2003 - 04:00
Last modified	18-10-2016 - 02:36

References

http://www.kb.cert.org/vuls/id/925166
http://marc.info/?l=bugtraq&m=106252188522715&w=2
http://marc.info/?l=bugtraq&m=106062021711496&w=2

Vulnerable Configurations

cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*
cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities 20030902 GLSA: phpwebsite (200309-03)
cert-vn	VU#925166