Lucene search

[email protected]CVE-2006-2697

HistoryMay 31, 2006 - 10:06 a.m.

CVE-2006-2697

2006-05-3110:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

easy-content forums

remote attackers

nvd

9.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

61.5%

JSON

Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp.

CPENameOperatorVersion
easy-content_forums:easy-content_forumseasy-content forumseq1.0

CPE	Name	Operator	Version
easy-content_forums:easy-content_forums	easy-content forums	eq	1.0

References

securityreason.com/securityalert/997

www.securityfocus.com/archive/1/435140/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26804

9.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2006-2697

prion1