Lucene search

[email protected]CVE-2006-0413

HistoryJan 25, 2006 - 11:03 a.m.

CVE-2006-0413

2006-01-2511:03:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2006-0413

newsphp

sql injection

index.php

remote attackers

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.5%

JSON

Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter.

CPENameOperatorVersion
newsphp:newsphpnewsphpeq*

CPE	Name	Operator	Version
newsphp:newsphp	newsphp	eq	*

References

secunia.com/advisories/18624

www.osvdb.org/22717

www.securityfocus.com/archive/1/423129/100/0/threaded

www.securityfocus.com/bid/16339

www.vupen.com/english/advisories/2006/0341

exchange.xforce.ibmcloud.com/vulnerabilities/24320

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2006-0413

prion1 cvelist1