Lucene search

[email protected]CVE-2006-2504

HistoryMay 22, 2006 - 7:02 p.m.

CVE-2006-2504

2006-05-2219:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

mono azboard 1.0

security vulnerability

remote attack

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON

Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.

CPENameOperatorVersion
azboard:azboardazboardle1.0

CPE	Name	Operator	Version
azboard:azboard	azboard	le	1.0

References

secunia.com/advisories/20112

securityreason.com/securityalert/928

user.chol.com/~jyj9782/sec/azboard_advisory.txt

www.osvdb.org/25527

www.osvdb.org/25528

www.securityfocus.com/archive/1/434010/100/0/threaded

www.securityfocus.com/bid/17990

www.vupen.com/english/advisories/2006/1827

exchange.xforce.ibmcloud.com/vulnerabilities/26495

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-2006-2504

prion1