CVE-2005-4495
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
22/12/2005
Last modified:
08/08/2024
Description
SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:spiremedia:mx7:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page