Lucene search

[email protected]CVE-2006-0669

HistoryFeb 13, 2006 - 10:02 p.m.

CVE-2006-0669

2006-02-1322:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

security

sql injection

ga forum light

vulnerability

remote execution

nvd

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.2%

JSON

Multiple SQL injection vulnerabilities in archive.asp in GA’s Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker’s research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments

CPENameOperatorVersion
gasoft:gas_forum_lightgasoft gas forum lighteq*

CPE	Name	Operator	Version
gasoft:gas_forum_light	gasoft gas forum light	eq	*

References

securitytracker.com/id?1015600

www.attrition.org/pipermail/vim/2006-February/000561.html

www.osvdb.org/23509

www.securityfocus.com/bid/16563

exchange.xforce.ibmcloud.com/vulnerabilities/24616

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2006-0669

prion1