Lucene search

[email protected]CVE-2006-2854

HistoryJun 06, 2006 - 8:06 p.m.

CVE-2006-2854

2006-06-0620:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

ibwd guestbook 1.0

vulnerability

remote execution

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.1%

JSON

SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter.

CPENameOperatorVersion
ibwd:ibwd_guestbookibwd ibwd guestbookeq1.0

CPE	Name	Operator	Version
ibwd:ibwd_guestbook	ibwd ibwd guestbook	eq	1.0

References

downloads.securityfocus.com/vulnerabilities/exploits/iBWD_poc.txt

secunia.com/advisories/20509

www.securityfocus.com/bid/18256

www.vupen.com/english/advisories/2006/2193

exchange.xforce.ibmcloud.com/vulnerabilities/26996

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2006-2854

prion1