Lucene search

[email protected]CVE-2006-2525

HistoryMay 22, 2006 - 10:02 p.m.

CVE-2006-2525

2006-05-2222:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

2525

sql injection

vulnerability

usebb

remote attackers

arbitrary

sql commands

member list

search module

9.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.0%

JSON

SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module.

CPENameOperatorVersion
usebb:usebbusebbeq1.0_rc1

CPE	Name	Operator	Version
usebb:usebb	usebb	eq	1.0_rc1

References

secunia.com/advisories/20187

sourceforge.net/project/shownotes.php?release_id=418462&group_id=93103

www.osvdb.org/25685

www.usebb.net/community/topic.php?id=1130

www.vupen.com/english/advisories/2006/1900

exchange.xforce.ibmcloud.com/vulnerabilities/26598

9.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.0%

JSON

Related for CVE-2006-2525

prion1