Lucene search

[email protected]CVE-2006-3164

HistoryJun 22, 2006 - 10:06 p.m.

CVE-2006-3164

2006-06-2222:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3164

sql injection

category.php

tpl design tplshop 2.0

security vulnerability

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON

SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter.

CPENameOperatorVersion
tpl_design:tplshoptpl design tplshople2.0

CPE	Name	Operator	Version
tpl_design:tplshop	tpl design tplshop	le	2.0

References

pridels0.blogspot.com/2006/06/tplshop-v-20-vuln.html

secunia.com/advisories/20738

www.osvdb.org/26631

www.securityfocus.com/bid/18524

www.vupen.com/english/advisories/2006/2418

exchange.xforce.ibmcloud.com/vulnerabilities/27200

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON