Lucene search

[email protected]CVE-2006-1123

HistoryMar 09, 2006 - 9:02 p.m.

CVE-2006-1123

2006-03-0921:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1123

sql injection

d2kblog 1.0.3

remote attackers

arbitrary sql commands

memname parameter

9.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.079 Low

EPSS

Percentile

94.2%

JSON

SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.

CPENameOperatorVersion
d2ksoft:d2kblogd2ksoft d2kblogeq1.0.1
d2ksoft:d2kblogd2ksoft d2kblogeq1.0
d2ksoft:d2kblogd2ksoft d2kblogeq1.0.3
d2ksoft:d2kblogd2ksoft d2kblogeq1.0.2

CPE	Name	Operator	Version
d2ksoft:d2kblog	d2ksoft d2kblog	eq	1.0.1
d2ksoft:d2kblog	d2ksoft d2kblog	eq	1.0
d2ksoft:d2kblog	d2ksoft d2kblog	eq	1.0.3
d2ksoft:d2kblog	d2ksoft d2kblog	eq	1.0.2

References

secunia.com/advisories/19177

securityreason.com/securityalert/559

www.osvdb.org/23770

www.securityfocus.com/archive/1/427103/100/0/threaded

www.securityfocus.com/bid/17035

www.vupen.com/english/advisories/2006/0896

exchange.xforce.ibmcloud.com/vulnerabilities/25215

9.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.079 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2006-1123

prion1