Lucene search

[email protected]CVE-2006-2835

HistoryJun 06, 2006 - 8:06 p.m.

CVE-2006-2835

2006-06-0620:06:00

[email protected]

web.nvd.nist.gov

cve-2006-2835

sql injection

saphplesson 2.0

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.079 Low

EPSS

Percentile

94.3%

JSON

SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.

Affected configurations

NVD

Node

arablesssaphplessonMatch2.0

CPENameOperatorVersion
arabless:saphplessonarabless saphplessoneq2.0

CPE	Name	Operator	Version
arabless:saphplesson	arabless saphplesson	eq	2.0

References

securityreason.com/securityalert/1047

www.securityfocus.com/archive/1/435202/100/0/threaded

www.securityfocus.com/archive/1/440120

www.securityfocus.com/archive/1/472798/100/0/threaded

www.securityfocus.com/bid/18117

www.securityfocus.com/bid/18934

exchange.xforce.ibmcloud.com/vulnerabilities/26757

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.079 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2006-2835

checkpoint_advisories2 cvelist1 prion1 nvd1