Lucene search

[email protected]CVE-2006-1641

HistoryApr 06, 2006 - 10:04 a.m.

CVE-2006-1641

2006-04-0610:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

1641

sql injection

czarnews 1.14

remote attackers

execute arbitrary sql commands

8.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to © dpost.php.

CPENameOperatorVersion
czaries_network:czarnewsczaries network czarnewsle1.14
czaries_network:czarnewsczaries network czarnewseq1.13b

CPE	Name	Operator	Version
czaries_network:czarnews	czaries network czarnews	le	1.14
czaries_network:czarnews	czaries network czarnews	eq	1.13b

References

evuln.com/vulns/118/summary.html

secunia.com/advisories/19541

securitytracker.com/id?1015957

www.osvdb.org/24382

www.osvdb.org/24383

www.osvdb.org/24384

www.securityfocus.com/archive/1/431132/100/0/threaded

www.securityfocus.com/bid/17380

www.vupen.com/english/advisories/2006/1237

exchange.xforce.ibmcloud.com/vulnerabilities/25624

8.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2006-1641

prion1 cvelist1 securityvulns1