Lucene search

[email protected]CVE-2006-2459

HistoryMay 19, 2006 - 10:02 a.m.

CVE-2006-2459

2006-05-1910:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2459

sql injection

php-fusion

remote authenticated users

nvd

8.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.042 Low

EPSS

Percentile

92.2%

JSON

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.

CPENameOperatorVersion
php_fusion:php_fusionphp fusioneq6.00.307
php_fusion:php_fusionphp fusioneq6.00.306

CPE	Name	Operator	Version
php_fusion:php_fusion	php fusion	eq	6.00.307
php_fusion:php_fusion	php fusion	eq	6.00.306

References

retrogod.altervista.org/phpfusion_600306_sql.html

secunia.com/advisories/20129

securityreason.com/securityalert/922

securitytracker.com/id?1016111

www.osvdb.org/25542

www.securityfocus.com/archive/1/434162/100/0/threaded

www.securityfocus.com/bid/18009

www.vupen.com/english/advisories/2006/1839

exchange.xforce.ibmcloud.com/vulnerabilities/26491

8.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.042 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2006-2459

cvelist2 prion2 cve1