Lucene search

[email protected]CVE-2006-0462

HistoryJan 27, 2006 - 11:03 p.m.

CVE-2006-0462

2006-01-2723:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0462

sql injection

comentarios.php

andonet blog

security vulnerability

remote attackers

sql commands

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.

CPENameOperatorVersion
andonet:andonet_blogandonet andonet blogeq2004.09.02

CPE	Name	Operator	Version
andonet:andonet_blog	andonet andonet blog	eq	2004.09.02

References

evuln.com/vulns/50/summary.html

secunia.com/advisories/18633

securityreason.com/securityalert/377

www.osvdb.org/22755

www.securityfocus.com/archive/1/423162

www.securityfocus.com/bid/16393

www.vupen.com/english/advisories/2006/0327

exchange.xforce.ibmcloud.com/vulnerabilities/24309

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2006-0462

prion1