CVE-2005-4478

critical

Description

Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php.

References

http://www.vupen.com/english/advisories/2005/3046

http://www.osvdb.org/displayvuln.php?osvdb_id=21871

http://www.osvdb.org/displayvuln.php?osvdb_id=21870

http://www.osvdb.org/21869

http://secunia.com/advisories/18152

http://pridels0.blogspot.com/2005/12/papoo-multiple-sql-vuln.html

Details

Source: Mitre, NVD

Published: 2005-12-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00753