Lucene search

[email protected]CVE-2006-1000

HistoryMar 06, 2006 - 8:06 p.m.

CVE-2006-1000

2006-03-0620:06:00

[email protected]

web.nvd.nist.gov

sql injection

pentacle in-out board

security vulnerability

authentication bypass

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

Affected configurations

NVD

Node

g2softpentacle_in-out_boardMatch6.03

CPENameOperatorVersion
g2soft:pentacle_in-out_boardg2soft pentacle in-out boardeq6.03

CPE	Name	Operator	Version
g2soft:pentacle_in-out_board	g2soft pentacle in-out board	eq	6.03

References

lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html

lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html

secunia.com/advisories/19024

securitytracker.com/id?1015682

www.nukedx.com/?viewdoc=13

www.nukedx.com/?viewdoc=14

www.securityfocus.com/archive/1/426074/100/0/threaded

www.securityfocus.com/archive/1/426075/100/0/threaded

www.securityfocus.com/bid/16818

www.vupen.com/english/advisories/2006/0749

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

Related for CVE-2006-1000

cvelist1 nvd1 prion1