Lucene search

MitreCVE-2006-0750

HistoryFeb 18, 2006 - 2:02 a.m.

CVE-2006-0750

2006-02-1802:02:00

CWE-89

mitre

web.nvd.nist.gov

cve-2006-0750

sql injection

army.php

supersmashbrothers

invision power board

ipb

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

69.4%

JSON

SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.

Affected configurations

Nvd

Node

supersmashbrothersarmy_systemMatch2.1.0_for_ipb

VendorProductVersionCPE
supersmashbrothersarmy_system2.1.0_for_ipbcpe:2.3:a:supersmashbrothers:army_system:2.1.0_for_ipb:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
supersmashbrothers	army_system	2.1.0_for_ipb	cpe:2.3:a:supersmashbrothers:army_system:2.1.0_for_ipb:::::::*

References

secubox.shadock.net/Invision_Power_Board_Army_System_Mod_2.1_and_prior_SQL_Injection_Exploit.html

secunia.com/advisories/18840

www.securityfocus.com/archive/1/424846/100/0/threaded

www.securityfocus.com/bid/16606

www.vupen.com/english/advisories/2006/0561

exchange.xforce.ibmcloud.com/vulnerabilities/24654

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

69.4%

JSON

Related for CVE-2006-0750