Lucene search

[email protected]CVE-2006-2985

HistoryJun 13, 2006 - 1:02 a.m.

CVE-2006-2985

2006-06-1301:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2985

sql injection

integramod

security vulnerability

index.php

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.6%

JSON

SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded “'” characters in the STYLE_URL parameter.

CPENameOperatorVersion
integramod:integramodintegramodle1.4.0

CPE	Name	Operator	Version
integramod:integramod	integramod	le	1.4.0

References

securityreason.com/securityalert/1085

www.attrition.org/pipermail/vim/2006-June/000847.html

www.securityfocus.com/archive/1/436457/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/27097

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.6%

JSON