Lucene search

[email protected]CVE-2006-0417

HistoryJan 25, 2006 - 11:03 a.m.

CVE-2006-0417

2006-01-2511:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

0417

sql injection

minibloggie

nvd

security vulnerability

authentication bypass

9.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.5%

JSON

SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.

CPENameOperatorVersion
mywebland:minibloggiemywebland minibloggiele1.0

CPE	Name	Operator	Version
mywebland:minibloggie	mywebland minibloggie	le	1.0

References

evuln.com/vulns/47/summary.html

secunia.com/advisories/18604

securitytracker.com/id?1015534

www.osvdb.org/22729

www.securityfocus.com/archive/1/423126/100/0/threaded

www.securityfocus.com/bid/16367

www.vupen.com/english/advisories/2006/0310

exchange.xforce.ibmcloud.com/vulnerabilities/24280

9.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2006-0417

prion1 cvelist1