CVE-2005-1943

critical

Description

Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp.

References

http://www.securityfocus.com/bid/13900

http://www.securityfocus.com/bid/13898

http://securitytracker.com/id?1014147

http://secunia.com/advisories/15633

http://marc.info/?l=bugtraq&m=111826992711703&w=2

Details

Source: Mitre, NVD

Published: 2005-06-08

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00574