CVE-2005-4006 - Vulnerability Details - OpenCVE

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redgraphic	Sapid Cms

Configuration 1 [-]

OR	cpe:2.3:a:redgraphic:sapid_cms::::::::
	cpe:2.3:a:redgraphic:sapid_cms:1.2.3:::::::*
	cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc2::::::
	cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc3::::::
	cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc5::::::
	cpe:2.3:a:redgraphic:sapid_cms:1.2.3:stable::::::

No data.

References

Link	Providers
http://sapid-club.com/en/viewtopic.php?p=586#586
http://secunia.com/advisories/17859
http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100
http://www.osvdb.org/21389
http://www.securityfocus.com/bid/15689
http://www.vupen.com/english/advisories/2005/2703

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-05T01:00:00

Updated: 2024-08-07T23:31:48.703Z

Reserved: 2005-12-04T00:00:00

Link: CVE-2005-4006

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-05T01:03:00.000

Modified: 2024-11-21T00:03:16.103

Link: CVE-2005-4006

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-02T00:00:00", "descriptions": [{"lang": "en", "value": "SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-12-08T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100"}, {"name": "ADV-2005-2703", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2703"}, {"name": "21389", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21389"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sapid-club.com/en/viewtopic.php?p=586#586"}, {"name": "15689", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15689"}, {"name": "17859", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17859"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4006", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100"}, {"name": "ADV-2005-2703", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2703"}, {"name": "21389", "refsource": "OSVDB", "url": "http://www.osvdb.org/21389"}, {"name": "http://sapid-club.com/en/viewtopic.php?p=586#586", "refsource": "CONFIRM", "url": "http://sapid-club.com/en/viewtopic.php?p=586#586"}, {"name": "15689", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15689"}, {"name": "17859", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17859"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:31:48.703Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100"}, {"name": "ADV-2005-2703", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2703"}, {"name": "21389", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21389"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sapid-club.com/en/viewtopic.php?p=586#586"}, {"name": "15689", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15689"}, {"name": "17859", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17859"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4006", "datePublished": "2005-12-05T01:00:00", "dateReserved": "2005-12-04T00:00:00", "dateUpdated": "2024-08-07T23:31:48.703Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redgraphic:sapid_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "8458C5D0-2B3A-4D8D-9484-2B3D8362D5D9", "versionEndIncluding": "1.2.3.02", "vulnerable": true}, {"criteria": "cpe:2.3:a:redgraphic:sapid_cms:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "618B2486-AB01-424B-B7F4-295FDA4CD89F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "E89CB9C2-341E-41B7-A275-69C26ABD49DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "D77CFB60-2E9E-4644-9696-B412EA3CE9DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc5:*:*:*:*:*:*", "matchCriteriaId": "3747E1FE-0EF9-42D6-9A27-7F6F5B36A71C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redgraphic:sapid_cms:1.2.3:stable:*:*:*:*:*:*", "matchCriteriaId": "D5E70D74-B75E-48BA-B258-046D45F4DBB8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php."}], "id": "CVE-2005-4006", "lastModified": "2024-11-21T00:03:16.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-05T01:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["URL Repurposed"], "url": "http://sapid-club.com/en/viewtopic.php?p=586#586"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17859"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21389"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15689"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["URL Repurposed"], "url": "http://sapid-club.com/en/viewtopic.php?p=586#586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17859"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21389"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15689"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2703"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}