CVE-2005-0292

Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.

Published: Jan 17, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0292
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
php_gift_registry / phpgiftreg	1.4	1.4.x

http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html
http://marc.info/?l=bugtraq&m=110599710017066&w=2
http://secunia.com/advisories/13873
http://securitytracker.com/id?1012910
http://www.securityfocus.com/archive/1/392485
http://www.securityfocus.com/bid/12289
https://exchange.xforce.ibmcloud.com/vulnerabilities/18925

Vulnerability Database

290,206

CVE-2005-0292