Lucene search

[email protected]CVE-2006-0135

HistoryJan 09, 2006 - 11:03 a.m.

CVE-2006-0135

2006-01-0911:03:00

[email protected]

web.nvd.nist.gov

cve-2006-0135

sql injection

thewebforum

authentication bypass

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON

SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).

Affected configurations

NVD

Node

thewebforumthewebforumRange≤1.2.1

CPENameOperatorVersion
thewebforum:thewebforumthewebforumle1.2.1

CPE	Name	Operator	Version
thewebforum:thewebforum	thewebforum	le	1.2.1

References

evuln.com/vulns/17/exploit.html

evuln.com/vulns/17/summary.html

secunia.com/advisories/18392

securityreason.com/securityalert/321

securitytracker.com/id?1015450

www.osvdb.org/22294

www.securityfocus.com/archive/1/421039/100/0/threaded

www.securityfocus.com/bid/16161

www.vupen.com/english/advisories/2006/0093

exchange.xforce.ibmcloud.com/vulnerabilities/24027

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2006-0135

checkpoint_advisories2 cvelist1 nvd1 prion1