CVE-2005-0302

SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=110636597832556&w=2
http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/19013
http://marc.info/?l=bugtraq&m=110636597832556&w=2
http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/19013

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0:::::::*
	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.1:::::::*

History

20 Nov 2024, 23:54

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=110636597832556&w=2 -~~	() http://marc.info/?l=bugtraq&m=110636597832556&w=2 -
References	~~() http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html - Exploit, Patch~~	() http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html - Exploit, Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/19013 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/19013 -

Information

Published : 2005-05-02 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-0302

Mitre link : CVE-2005-0302

CVE.ORG link : CVE-2005-0302

JSON object : View

Products Affected

comersus_open_technologies

comersus_backoffice_lite

CWE

NVD-CWE-Other

{"id": "CVE-2005-0302", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110636597832556&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19013", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110636597832556&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19013", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EDBF5CC-D5C4-448F-B45E-74B6BD8E2DF3"}, {"criteria": "cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5742AD4D-4FB0-4CC1-9CAD-6A6477326CC9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10