Lucene search

[email protected]CVE-2006-1691

HistoryApr 11, 2006 - 10:02 a.m.

CVE-2006-1691

2006-04-1110:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

mwnewsletter

vulnerability

remote attackers

arbitrary sql commands

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php.

CPENameOperatorVersion
manic_web:mwnewslettermanic web mwnewslettereq1.0.0b

CPE	Name	Operator	Version
manic_web:mwnewsletter	manic web mwnewsletter	eq	1.0.0b

References

archives.neohapsis.com/archives/bugtraq/2006-04/0447.html

evuln.com/vulns/123/summary.html

secunia.com/advisories/19568

www.osvdb.org/24445

www.osvdb.org/24905

www.securityfocus.com/bid/17412

www.vupen.com/english/advisories/2006/1270

exchange.xforce.ibmcloud.com/vulnerabilities/25683

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2006-1691

prion1 securityvulns1