CVE-2005-3153 - Vulnerability Details - OpenCVE

login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mywebland	Mybloggie

Configuration 1 [-]

cpe:2.3:a:mywebland:mybloggie:2.1.3_beta:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112818273307878&w=2
http://mywebland.com/forums/showtopic.php?t=399
http://rgod.altervista.org/mybloggie213b.html
http://securityreason.com/securityalert/42
http://securitytracker.com/id?1014995
http://www.osvdb.org/19935

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-10-05T04:00:00

Updated: 2024-08-07T23:01:57.966Z

Reserved: 2005-10-05T00:00:00

Link: CVE-2005-3153

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-10-05T22:02:00.000

Modified: 2024-11-21T00:01:14.180

Link: CVE-2005-3153

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1014995", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014995"}, {"tags": ["x_refsource_MISC"], "url": "http://rgod.altervista.org/mybloggie213b.html"}, {"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112818273307878&w=2"}, {"name": "42", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/42"}, {"name": "19935", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/19935"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://mywebland.com/forums/showtopic.php?t=399"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3153", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1014995", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014995"}, {"name": "http://rgod.altervista.org/mybloggie213b.html", "refsource": "MISC", "url": "http://rgod.altervista.org/mybloggie213b.html"}, {"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112818273307878&w=2"}, {"name": "42", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/42"}, {"name": "19935", "refsource": "OSVDB", "url": "http://www.osvdb.org/19935"}, {"name": "http://mywebland.com/forums/showtopic.php?t=399", "refsource": "CONFIRM", "url": "http://mywebland.com/forums/showtopic.php?t=399"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:01:57.966Z"}, "title": "CVE Program Container", "references": [{"name": "1014995", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014995"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://rgod.altervista.org/mybloggie213b.html"}, {"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112818273307878&w=2"}, {"name": "42", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/42"}, {"name": "19935", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/19935"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mywebland.com/forums/showtopic.php?t=399"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3153", "datePublished": "2005-10-05T04:00:00", "dateReserved": "2005-10-05T00:00:00", "dateUpdated": "2024-08-07T23:01:57.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mywebland:mybloggie:2.1.3_beta:*:*:*:*:*:*:*", "matchCriteriaId": "74E0FF8C-1AEA-46C0-A867-F2728AA5E069", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability."}], "id": "CVE-2005-3153", "lastModified": "2024-11-21T00:01:14.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-10-05T22:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112818273307878&w=2"}, {"source": "cve@mitre.org", "url": "http://mywebland.com/forums/showtopic.php?t=399"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://rgod.altervista.org/mybloggie213b.html"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/42"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1014995"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/19935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=112818273307878&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mywebland.com/forums/showtopic.php?t=399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://rgod.altervista.org/mybloggie213b.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/42"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1014995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19935"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}