Lucene search

[email protected]CVE-2006-1049

HistoryMar 07, 2006 - 11:02 a.m.

CVE-2006-1049

2006-03-0711:02:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2006-1049

joomla security

sql injection

admin functionality

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.7%

JSON

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.

Affected configurations

NVD

Node

joomlajoomlaRange≤1.0.7

joomlajoomlaMatch1.0.0

joomlajoomlaMatch1.0.1

joomlajoomlaMatch1.0.2

joomlajoomlaMatch1.0.3

joomlajoomlaMatch1.0.4

joomlajoomlaMatch1.0.5

joomlajoomlaMatch1.0.6

CPENameOperatorVersion
joomla:joomlajoomlale1.0.7
joomla:joomlajoomlaeq1.0.0
joomla:joomlajoomlaeq1.0.1
joomla:joomlajoomlaeq1.0.2
joomla:joomlajoomlaeq1.0.3
joomla:joomlajoomlaeq1.0.4
joomla:joomlajoomlaeq1.0.5
joomla:joomlajoomlaeq1.0.6

CPE	Name	Operator	Version
joomla:joomla	joomla	le	1.0.7
joomla:joomla	joomla	eq	1.0.0
joomla:joomla	joomla	eq	1.0.1
joomla:joomla	joomla	eq	1.0.2
joomla:joomla	joomla	eq	1.0.3
joomla:joomla	joomla	eq	1.0.4
joomla:joomla	joomla	eq	1.0.5
joomla:joomla	joomla	eq	1.0.6

References

secunia.com/advisories/19105

www.joomla.org/content/view/938/78/

www.osvdb.org/23819

www.vupen.com/english/advisories/2006/0818

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.7%

JSON

Related for CVE-2006-1049

prion1 cvelist1 nvd1