Lucene search

[email protected]CVE-2006-2972

HistoryJun 12, 2006 - 10:02 p.m.

CVE-2006-2972

2006-06-1222:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

vs_resource.php

arantius vice stats 0.5b

arantius vice stats 1.0

remote attackers

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.5%

JSON

SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CPENameOperatorVersion
arantius:vice_statsarantius vice statseq1.0
arantius:vice_statsarantius vice statseq0.5_beta

CPE	Name	Operator	Version
arantius:vice_stats	arantius vice stats	eq	1.0
arantius:vice_stats	arantius vice stats	eq	0.5_beta

References

secunia.com/advisories/20512

securityreason.com/securityalert/1073

www.arantius.com/topic/vice+stats

www.attrition.org/pipermail/vim/2006-June/000848.html

www.securityfocus.com/archive/1/436290/100/0/threaded

www.securityfocus.com/bid/18317

exchange.xforce.ibmcloud.com/vulnerabilities/26985

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for CVE-2006-2972

prion1 cve1