CVE-2005-0265

Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=110461644407935&w=2
http://secunia.com/advisories/13695
http://www.securityfocus.com/bid/12114	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/18704
http://marc.info/?l=bugtraq&m=110461644407935&w=2
http://secunia.com/advisories/13695
http://www.securityfocus.com/bid/12114	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/18704

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:owl:owl_intranet_engine:0.7:::::::*
	cpe:2.3:a:owl:owl_intranet_engine:0.8:::::::*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-0265

Mitre link : CVE-2005-0265

CVE.ORG link : CVE-2005-0265

JSON object : View

Products Affected

owl

owl_intranet_engine

CWE

NVD-CWE-Other

{"id": "CVE-2005-0265", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110461644407935&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/13695", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12114", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18704", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110461644407935&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/13695", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/12114", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18704", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owl:owl_intranet_engine:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C05ABB33-DD31-455D-A517-CB9EA7C75706"}, {"criteria": "cpe:2.3:a:owl:owl_intranet_engine:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BB6B7DE-D724-43FE-BECF-73E7E778A872"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}