Lucene search

[email protected]CVE-2006-1421

HistoryMar 28, 2006 - 8:02 p.m.

CVE-2006-1421

2006-03-2820:02:00

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

akocomment.php

akocomment 2.0

mambo

security

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter.

Affected configurations

NVD

Node

arthur_konze_webdesignakocommentMatch2.0

CPENameOperatorVersion
arthur_konze_webdesign:akocommentarthur konze webdesign akocommenteq2.0

CPE	Name	Operator	Version
arthur_konze_webdesign:akocomment	arthur konze webdesign akocomment	eq	2.0

References

secunia.com/advisories/19392

securityreason.com/securityalert/631

www.osvdb.org/24209

www.securityfocus.com/archive/1/428893/100/0/threaded

www.securityfocus.com/bid/17241

www.vupen.com/english/advisories/2006/1136

exchange.xforce.ibmcloud.com/vulnerabilities/25451

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for CVE-2006-1421

cvelist2 nvd2 prion2 cve1