CVE-2005-4159 in Foruminfo

Summary

** DISPUTED ** NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

12/11/2005

Disclosure

12/11/2005

Moderation

VulDB entry created

Entries

1: VDB-27412

CPE

ready

CWE

CWE-89 (Confirmed)

CVSS

7.3

EPSS

0.01112

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-4159
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4159
CVE Details	https://www.cvedetails.com/cve/CVE-2005-4159/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!