Lucene search

[email protected]CVE-2006-2499

HistoryMay 20, 2006 - 3:02 a.m.

CVE-2006-2499

2006-05-2003:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2499

sql injection

codeavalanche news

canews 1.2

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.3%

JSON

SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.

Affected configurations

NVD

Node

xfairguycodeavalanche_newsMatch1.2

CPENameOperatorVersion
xfairguy:codeavalanche_newsxfairguy codeavalanche newseq1.2

CPE	Name	Operator	Version
xfairguy:codeavalanche_news	xfairguy codeavalanche news	eq	1.2

References

colander.altervista.org/advisory/CANews.txt

secunia.com/advisories/20171

www.osvdb.org/25652

www.securityfocus.com/archive/1/434730/100/0/threaded

www.securityfocus.com/bid/18031

www.vupen.com/english/advisories/2006/1870

exchange.xforce.ibmcloud.com/vulnerabilities/26586

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2006-2499

cvelist1 prion1 nvd1