Lucene search

[email protected]CVE-2006-0856

HistoryFeb 23, 2006 - 11:02 p.m.

CVE-2006-0856

2006-02-2323:02:00

[email protected]

web.nvd.nist.gov

cve-2006-0856

sql injection

scriptme sme gb host 1.21

authentication bypass

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.9%

JSON

SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter.

Affected configurations

NVD

Node

scriptmesme_gb_hostMatch1.21

CPENameOperatorVersion
scriptme:sme_gb_hostscriptme sme gb hosteq1.21

CPE	Name	Operator	Version
scriptme:sme_gb_host	scriptme sme gb host	eq	1.21

References

secunia.com/advisories/18823

www.evuln.com/vulns/66/summary.html

www.securityfocus.com/archive/1/425317/100/0/threaded

www.securityfocus.com/bid/16609

www.vupen.com/english/advisories/2006/0543

exchange.xforce.ibmcloud.com/vulnerabilities/24544

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.9%

JSON

Related for CVE-2006-0856

prion1 cvelist1 nvd1