Lucene search

[email protected]CVE-2006-2328

HistoryMay 12, 2006 - 12:02 a.m.

CVE-2006-2328

2006-05-1200:02:00

[email protected]

web.nvd.nist.gov

cve

2006

2328

sql injection

vulnerability

angelinecms

remote attackers

sql commands

8.4 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.4%

JSON

SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6.5 and earlier might allow remote attackers to execute arbitrary SQL commands via the query string.

Affected configurations

NVD

Node

angelinecmsangelinecmsRange≤0.6.5

CPENameOperatorVersion
angelinecms:angelinecmsangelinecmsle0.6.5

CPE	Name	Operator	Version
angelinecms:angelinecms	angelinecms	le	0.6.5

References

securityreason.com/securityalert/883

www.securityfocus.com/archive/1/433241/100/0/threaded

www.subjectzero.net/research/ang_CMS.htm

exchange.xforce.ibmcloud.com/vulnerabilities/26382

8.4 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.4%

JSON

Related for CVE-2006-2328

cvelist1 nvd1 prion1