{"api_version":"1","generated_at":"2026-07-06T07:16:01+00:00","cve":"CVE-2005-0858","urls":{"html":"https://cve.report/CVE-2005-0858","api":"https://cve.report/api/cve/CVE-2005-0858.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-0858","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-0858"},"summary":{"title":"CVE-2005-0858","description":"Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-05-02 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19759","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19759","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/12852","name":"http://www.securityfocus.com/bid/12852","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"CoolForum Cross-Site Scripting And SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19761","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19761","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1013474","name":"http://securitytracker.com/id?1013474","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"CoolForum Input Validation Flaws Permit SQL Injection and Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-0858","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-0858","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"858","vulnerable":"1","versionEndIncluding":"0.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"coolforum","cpe5":"coolforum","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T21:28:28.952Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"coolforum-register-sql-injection(19761)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19761"},{"name":"coolforum-adminentete-sql-injection(19759)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19759"},{"name":"12852","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/12852"},{"name":"1013474","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1013474"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-03-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"coolforum-register-sql-injection(19761)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19761"},{"name":"coolforum-adminentete-sql-injection(19759)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19759"},{"name":"12852","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/12852"},{"name":"1013474","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1013474"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-0858","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"coolforum-register-sql-injection(19761)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19761"},{"name":"coolforum-adminentete-sql-injection(19759)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19759"},{"name":"12852","refsource":"BID","url":"http://www.securityfocus.com/bid/12852"},{"name":"1013474","refsource":"SECTRACK","url":"http://securitytracker.com/id?1013474"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-0858","datePublished":"2005-03-24T05:00:00.000Z","dateReserved":"2005-03-24T00:00:00.000Z","dateUpdated":"2024-08-07T21:28:28.952Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-05-02 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coolforum:coolforum:*:*:*:*:*:*:*:*","versionEndIncluding":"0.8","matchCriteriaId":"7A99F5F9-690E-4063-A316-6B61E63B3955"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"858","Ordinal":"1","Title":"CVE-2005-0858","CVE":"CVE-2005-0858","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"858","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php.","Type":"Description","Title":"CVE-2005-0858"},{"CveYear":"2005","CveId":"858","Ordinal":"2","NoteData":"2005-03-24","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"858","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}