CVE-2005-4286

critical

Description

Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php.

References

http://www.vupen.com/english/advisories/2005/2930

http://www.phplogcon.com/Article9.phtml

http://secunia.com/advisories/18053

http://cvs.sourceforge.net/viewcvs.py/phplogcon/phplogcon/submit.php?r1=1.4&r2=1.5

Details

Source: Mitre, NVD

Published: 2005-12-16

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0078