Lucene search

[email protected]CVE-2006-0345

HistoryJan 21, 2006 - 1:03 a.m.

CVE-2006-0345

2006-01-2101:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

saralblog

sql injection

vulnerability

remote attackers

search parameter

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.4%

JSON

Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058.

CPENameOperatorVersion
saral_kaushik:saralblogsaral kaushik saralblogeq1.0

CPE	Name	Operator	Version
saral_kaushik:saralblog	saral kaushik saralblog	eq	1.0

References

archives.neohapsis.com/archives/bugtraq/2006-01/0372.html

evuln.com/vulns/40/summary.html

securitytracker.com/id?1015517

www.osvdb.org/22740

www.securityfocus.com/bid/16306

exchange.xforce.ibmcloud.com/vulnerabilities/24218

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for CVE-2006-0345

prion1 cve1