{"api_version":"1","generated_at":"2026-04-23T06:07:56+00:00","cve":"CVE-2005-2468","urls":{"html":"https://cve.report/CVE-2005-2468","api":"https://cve.report/api/cve/CVE-2005-2468.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-2468","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-2468"},"summary":{"title":"CVE-2005-2468","description":"Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.4","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2005/1287","name":"http://www.vupen.com/english/advisories/2005/1287","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/16304","name":"http://secunia.com/advisories/16304","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Secunia - Advisories - MySQL Eventum Cross-Site Scripting and SQL Injection","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/14437","name":"http://www.securityfocus.com/bid/14437","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"MySQL Eventum Multiple SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/18406","name":"http://www.osvdb.org/18406","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://marc.info/?l=bugtraq&m=112292193807958&w=2","name":"http://marc.info/?l=bugtraq&m=112292193807958&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'MySQL Eventum Multiple Vulnerabilities' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.mysql.com/eventum-users/2072","name":"http://lists.mysql.com/eventum-users/2072","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"MySQL Lists: eventum-users: Eventum 1.6.0 Released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/18404","name":"http://www.osvdb.org/18404","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.osvdb.org/18405","name":"http://www.osvdb.org/18405","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://securitytracker.com/id?1014603","name":"http://securitytracker.com/id?1014603","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"SecurityTracker.com Archives - MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gulftech.org/?node=research&article_id=00093-07312005","name":"http://www.gulftech.org/?node=research&article_id=00093-07312005","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Contact Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/18403","name":"http://www.osvdb.org/18403","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-2468","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-2468","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"2468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mysql","cpe5":"eventum","cpe6":"1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mysql","cpe5":"eventum","cpe6":"1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mysql","cpe5":"eventum","cpe6":"1.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mysql","cpe5":"eventum","cpe6":"1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mysql","cpe5":"eventum","cpe6":"1.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mysql","cpe5":"eventum","cpe6":"1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mysql","cpe5":"eventum","cpe6":"1.5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mysql","cpe5":"eventum","cpe6":"1.5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T22:29:59.635Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"18404","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/18404"},{"name":"ADV-2005-1287","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2005/1287"},{"name":"16304","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/16304"},{"name":"18403","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/18403"},{"name":"18405","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/18405"},{"name":"1014603","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1014603"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://lists.mysql.com/eventum-users/2072"},{"name":"20050731 MySQL Eventum Multiple Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=112292193807958&w=2"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.gulftech.org/?node=research&article_id=00093-07312005"},{"name":"14437","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/14437"},{"name":"18406","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/18406"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-07-31T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-10-17T13:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"18404","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/18404"},{"name":"ADV-2005-1287","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2005/1287"},{"name":"16304","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/16304"},{"name":"18403","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/18403"},{"name":"18405","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/18405"},{"name":"1014603","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1014603"},{"tags":["x_refsource_CONFIRM"],"url":"http://lists.mysql.com/eventum-users/2072"},{"name":"20050731 MySQL Eventum Multiple Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=112292193807958&w=2"},{"tags":["x_refsource_MISC"],"url":"http://www.gulftech.org/?node=research&article_id=00093-07312005"},{"name":"14437","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/14437"},{"name":"18406","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/18406"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-2468","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"18404","refsource":"OSVDB","url":"http://www.osvdb.org/18404"},{"name":"ADV-2005-1287","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2005/1287"},{"name":"16304","refsource":"SECUNIA","url":"http://secunia.com/advisories/16304"},{"name":"18403","refsource":"OSVDB","url":"http://www.osvdb.org/18403"},{"name":"18405","refsource":"OSVDB","url":"http://www.osvdb.org/18405"},{"name":"1014603","refsource":"SECTRACK","url":"http://securitytracker.com/id?1014603"},{"name":"http://lists.mysql.com/eventum-users/2072","refsource":"CONFIRM","url":"http://lists.mysql.com/eventum-users/2072"},{"name":"20050731 MySQL Eventum Multiple Vulnerabilities","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=112292193807958&w=2"},{"name":"http://www.gulftech.org/?node=research&article_id=00093-07312005","refsource":"MISC","url":"http://www.gulftech.org/?node=research&article_id=00093-07312005"},{"name":"14437","refsource":"BID","url":"http://www.securityfocus.com/bid/14437"},{"name":"18406","refsource":"OSVDB","url":"http://www.osvdb.org/18406"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-2468","datePublished":"2006-06-06T20:03:00.000Z","dateReserved":"2005-08-05T00:00:00.000Z","dateUpdated":"2024-08-07T22:29:59.635Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mysql:eventum:1.1:*:*:*:*:*:*:*","matchCriteriaId":"3376760A-F66D-4AEA-8A8E-3ABEB39D67C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mysql:eventum:1.2:*:*:*:*:*:*:*","matchCriteriaId":"C3BBA56E-6A81-4977-8C87-CD2A19C777B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:mysql:eventum:1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C7982E45-2702-4120-87C3-0CB3F9DA0897"},{"vulnerable":true,"criteria":"cpe:2.3:a:mysql:eventum:1.3:*:*:*:*:*:*:*","matchCriteriaId":"0B531FC5-154F-4858-BB5C-F1D3F752E2E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mysql:eventum:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"12877C25-B604-450A-A527-4C223DC3DCEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mysql:eventum:1.4:*:*:*:*:*:*:*","matchCriteriaId":"C3CD7BBB-5193-4159-AA56-554EFDBECE08"},{"vulnerable":true,"criteria":"cpe:2.3:a:mysql:eventum:1.5.4:*:*:*:*:*:*:*","matchCriteriaId":"CE389FEE-6F5F-4950-988F-42A26D19EAB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mysql:eventum:1.5.5:*:*:*:*:*:*:*","matchCriteriaId":"7F72E477-4851-4C6E-814E-7520AE764EF9"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"2468","Ordinal":"1","Title":"CVE-2005-2468","CVE":"CVE-2005-2468","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"2468","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.","Type":"Description","Title":"CVE-2005-2468"},{"CveYear":"2005","CveId":"2468","Ordinal":"2","NoteData":"2006-06-06","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"2468","Ordinal":"3","NoteData":"2016-10-17","Type":"Other","Title":"Modified"}]}}}