CVE-2005-2987

Severity Score

7.5

*CVSS v2

*EPSS

*CPE

*Multiple Sources

*KEV

*SSVC

SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

URL	Tag	Source
http://marc.info/?l=bugtraq&m=112680124115325&w=2	Mailing List
http://securityreason.com/securityalert/10	Third Party Advisory
http://securitytracker.com/id?1014909	Vdb Entry
http://www.osvdb.org/19460	Vdb Entry
http://www.vupen.com/english/advisories/2005/1757	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/22286	Vdb Entry

URL	Date	SRC
http://rgod.altervista.org/dscribe14.html	2024-08-07
http://www.securityfocus.com/bid/14843	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/16841	2017-07-11

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Digital Scribe Search vendor "Digital Scribe"		Digital Scribe Search vendor "Digital Scribe" for product "Digital Scribe"				1.4 Search vendor "Digital Scribe" for product "Digital Scribe" and version "1.4"		-		Affected