Lucene search

[email protected]CVE-2006-2565

HistoryMay 24, 2006 - 8:02 p.m.

CVE-2006-2565

2006-05-2420:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2565

sql injection

alstrasoft article manager pro

security vulnerability

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.0%

JSON

SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid.

CPENameOperatorVersion
alstrasoft:article_manager_proalstrasoft article manager proeq1.6

CPE	Name	Operator	Version
alstrasoft:article_manager_pro	alstrasoft article manager pro	eq	1.6

References

secunia.com/advisories/20228

securityreason.com/securityalert/949

www.securityfocus.com/archive/1/434847/100/0/threaded

www.vupen.com/english/advisories/2006/1943

exchange.xforce.ibmcloud.com/vulnerabilities/26674

exchange.xforce.ibmcloud.com/vulnerabilities/26676

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.0%

JSON

Related for CVE-2006-2565

cvelist1 prion1