Lucene search

[email protected]CVE-2006-0721

HistoryFeb 16, 2006 - 11:02 a.m.

CVE-2006-0721

2006-02-1611:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0721

sql injection

pmlite.php

runcms 1.2

runcms 1.3a

remote attackers

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.5%

JSON

SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.

CPENameOperatorVersion
runcms:runcmsruncmseq1.3a
runcms:runcmsruncmseq1.2
runcms:runcmsruncmseq1.3a2

CPE	Name	Operator	Version
runcms:runcms	runcms	eq	1.3a
runcms:runcms	runcms	eq	1.2
runcms:runcms	runcms	eq	1.3a2

References

hamid.ir/security/runcms.txt

secunia.com/advisories/18831

securitytracker.com/id?1015626

www.runcms.org/public/modules/forum/viewtopic.php?topic_id=4003&forum=18

www.securityfocus.com/archive/1/425293/100/0/threaded

www.securityfocus.com/bid/16652

www.vupen.com/english/advisories/2006/0572

exchange.xforce.ibmcloud.com/vulnerabilities/24676

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.5%

JSON

Related for CVE-2006-0721

prion1