Lucene search

[email protected]CVE-2006-1685

HistoryApr 11, 2006 - 12:02 a.m.

CVE-2006-1685

2006-04-1100:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1685

sql injection

apt-webshop-system

remote code execution

path disclosure

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.

CPENameOperatorVersion
apt:apt-webshop-systemapt apt-webshop-systemeq4.0
apt:apt-webshop-systemapt apt-webshop-systemeq3.0

CPE	Name	Operator	Version
apt:apt-webshop-system	apt apt-webshop-system	eq	4.0
apt:apt-webshop-system	apt apt-webshop-system	eq	3.0

References

pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html

secunia.com/advisories/19592

www.securityfocus.com/bid/17425

www.vupen.com/english/advisories/2006/1293

exchange.xforce.ibmcloud.com/vulnerabilities/25731

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2006-1685

prion1 cvelist1