Lucene search

[email protected]CVE-2006-0728

HistoryFeb 16, 2006 - 11:02 a.m.

CVE-2006-0728

2006-02-1611:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0728

sql injection

webspell 4.01.00

search.php

nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.06 Low

EPSS

Percentile

93.4%

JSON

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.

CPENameOperatorVersion
webspell:webspellwebspellle4.01.00

CPE	Name	Operator	Version
webspell:webspell	webspell	le	4.01.00

References

secunia.com/advisories/18885

www.securityfocus.com/bid/16673

www.vupen.com/english/advisories/2006/0606

www.webspell.org/index.php?site=news_comments&newsID=49&lang=en

exchange.xforce.ibmcloud.com/vulnerabilities/24708

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.06 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2006-0728

prion1