Lucene search

[email protected]CVE-2006-0610

HistoryFeb 09, 2006 - 12:02 a.m.

CVE-2006-0610

2006-02-0900:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

2200net calendar system

remote attackers

authentication bypass

cve-2006-0610

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON

Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad[‘acc’] variable in adminlogin.php.

CPENameOperatorVersion
2200net:2200net_calendar2200net 2200net calendareq1.2

CPE	Name	Operator	Version
2200net:2200net_calendar	2200net 2200net calendar	eq	1.2

References

marc.info/?l=bugtraq&m=114003781801861&w=2

secunia.com/advisories/18781

www.evuln.com/vulns/62/summary.html

www.osvdb.org/23037

www.osvdb.org/23038

www.securityfocus.com/archive/1/425094/100/0/threaded

www.securityfocus.com/bid/16569

www.vupen.com/english/advisories/2006/0486

exchange.xforce.ibmcloud.com/vulnerabilities/24483

exchange.xforce.ibmcloud.com/vulnerabilities/24484

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON

Related for CVE-2006-0610

prion1 securityvulns1 packetstorm1