CVE-2006-0517
8.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.1%
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to “session handling”; and (5) when posting “petitions”.
References
archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html
secunia.com/advisories/18676
securityreason.com/securityalert/395
securitytracker.com/id?1015556
www.osvdb.org/22844
www.osvdb.org/22845
www.osvdb.org/22848
www.securityfocus.com/archive/1/423655/100/0/threaded
www.securityfocus.com/bid/16458
www.securityfocus.com/bid/24397
www.vupen.com/english/advisories/2006/0398
www.zone-h.org/en/advisories/read/id=8650/
exchange.xforce.ibmcloud.com/vulnerabilities/24397
Social References
More
Related
8.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.1%