Lucene search

[email protected]CVE-2006-0919

HistoryFeb 28, 2006 - 11:02 a.m.

CVE-2006-0919

2006-02-2811:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

oi! email marketing system 3.0

vulnerability

nvd

cve-2006-0919

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%

JSON

SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

CPENameOperatorVersion
oi:email_marketing_systemoi email marketing systemeq3.0

CPE	Name	Operator	Version
oi:email_marketing_system	oi email marketing system	eq	3.0

References

secunia.com/advisories/18993

www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt

www.osvdb.org/23462

www.securityfocus.com/archive/1/425924/100/0/threaded

www.vupen.com/english/advisories/2006/0718

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2006-0919

prion1