Lucene search

K
cve[email protected]CVE-2006-1217
HistoryMar 14, 2006 - 2:02 a.m.

CVE-2006-1217

2006-03-1402:02:00
NVD-CWE-Other
web.nvd.nist.gov
18
cve-2006-1217
sql injection
dspoll 1.1
remote attackers
arbitrary sql commands

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php.

CPENameOperatorVersion
dsportal:dspolldsportal dspolleq1.1

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

Related for CVE-2006-1217