CVE-2005-3325

Published: Oct 27, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.

Affected (2)

Products: Acid: Analysis Console For Intrusion Databases · Secureideas: Basic Analysis And Security Engine

1 product

Analysis Console For Intrusion Databases

1 product

Basic Analysis And Security Engine

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Acid Analysis Console For Intrusion Databases	Version 0.9.6b20
Secureideas Basic Analysis And Security Engine	Version 1.2

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (20)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336788

Source: cve@mitre.org

Patch

http://secunia.com/advisories/17314

Source: cve@mitre.org

ExploitVendor Advisory

http://secunia.com/advisories/17523

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/17552

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/17558

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2005/dsa-893

Source: cve@mitre.org

Patch

http://www.osvdb.org/20836

Source: cve@mitre.org

http://www.osvdb.org/20837

Source: cve@mitre.org

http://www.securityfocus.com/bid/15199

Source: cve@mitre.org

ExploitPatch

http://www.vupen.com/english/advisories/2005/2188

Source: cve@mitre.org

Vendor Advisory

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336788

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/17314

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://secunia.com/advisories/17523

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/17552

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/17558

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2005/dsa-893

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/20836

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/20837

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15199

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.vupen.com/english/advisories/2005/2188

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.