Lucene search

[email protected]CVE-2006-2674

HistoryMay 30, 2006 - 9:02 p.m.

CVE-2006-2674

2006-05-3021:02:00

[email protected]

web.nvd.nist.gov

sql injection

tamber forum

vulnerability

remote execution

security risk

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.0%

JSON

Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to © admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp.

Affected configurations

NVD

Node

tamber_forumtamber_forumRange≤1.9.13

CPENameOperatorVersion
tamber_forum:tamber_forumtamber forumle1.9.13

CPE	Name	Operator	Version
tamber_forum:tamber_forum	tamber forum	le	1.9.13

References

securityreason.com/securityalert/986

www.osvdb.org/26564

www.osvdb.org/26565

www.osvdb.org/26566

www.osvdb.org/26567

www.osvdb.org/26568

www.securityfocus.com/archive/1/435125/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26797

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2006-2674

cvelist1 nvd1 prion1