CVE-2005-4408

critical

Description

Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.

References

http://www.securityfocus.com/bid/15960

http://www.osvdb.org/21838

http://www.osvdb.org/21837

http://www.osvdb.org/21836

http://secunia.com/advisories/18110

http://pridels0.blogspot.com/2005/12/miraserver-sql-vuln.html

Details

Source: Mitre, NVD

Published: 2005-12-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01025

Detections

Analytics