Lucene search

[email protected]CVE-2006-2616

HistoryMay 26, 2006 - 1:06 a.m.

CVE-2006-2616

2006-05-2601:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2616

sql injection

alstrasoft web host directory

hyperstop webhost directory

nvd

vulnerability

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter.

CPENameOperatorVersion
alstrasoft:webhost_directoryalstrasoft webhost directoryeq1.2

CPE	Name	Operator	Version
alstrasoft:webhost_directory	alstrasoft webhost directory	eq	1.2

References

secunia.com/advisories/20276

secunia.com/advisories/20278

securityreason.com/securityalert/955

www.securityfocus.com/archive/1/434912/100/0/threaded

www.vupen.com/english/advisories/2006/1972

www.vupen.com/english/advisories/2006/1973

exchange.xforce.ibmcloud.com/vulnerabilities/26653

exchange.xforce.ibmcloud.com/vulnerabilities/26658

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2006-2616

prion1