Lucene search

[email protected]CVE-2006-0581

HistoryFeb 08, 2006 - 1:02 a.m.

CVE-2006-0581

2006-02-0801:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

0581

sql injection

hosting controller

hotfix

nvd

vulnerability

remote

authenticated

users

execute

arbitrary

sql commands

8.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp.

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_2.8

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_2.8

References

secunia.com/advisories/18731

securitytracker.com/id?1015584

www.osvdb.org/22982

www.osvdb.org/22983

www.vupen.com/english/advisories/2006/0460

exchange.xforce.ibmcloud.com/vulnerabilities/24537

8.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for CVE-2006-0581

prion1 cvelist1