Lucene search

[email protected]CVE-2006-2617

HistoryMay 26, 2006 - 1:06 a.m.

CVE-2006-2617

2006-05-2601:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2617

alstrasoft web host directory 1.2

hyperstop webhost directory 1.2

sql injection

remote attack

nvd

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.

CPENameOperatorVersion
alstrasoft:webhost_directoryalstrasoft webhost directoryeq1.2

CPE	Name	Operator	Version
alstrasoft:webhost_directory	alstrasoft webhost directory	eq	1.2

References

secunia.com/advisories/20276

secunia.com/advisories/20278

securityreason.com/securityalert/955

www.securityfocus.com/archive/1/434912/100/0/threaded

www.sitepoint.com/forums/showthread.php?t=311969

www.vupen.com/english/advisories/2006/1972

www.vupen.com/english/advisories/2006/1973

exchange.xforce.ibmcloud.com/vulnerabilities/26656

exchange.xforce.ibmcloud.com/vulnerabilities/26661

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2006-2617

prion1 cve1