Lucene search

[email protected]CVE-2006-1076

HistoryMar 09, 2006 - 12:02 a.m.

CVE-2006-1076

2006-03-0900:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1076

sql injection

index.php

showtopic operation

invision power board

ipb 2.1.5

remote attackers

arbitrary sql commands

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.4%

JSON

SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.5

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1.5

References

www.securityfocus.com/archive/1/426875/100/0/threaded

www.securityfocus.com/archive/1/430357/100/0/threaded

www.securityfocus.com/bid/16971

exchange.xforce.ibmcloud.com/vulnerabilities/25254

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2006-1076

prion1 cvelist1