Lucene search

[email protected]CVE-2006-3244

HistoryJun 27, 2006 - 10:05 a.m.

CVE-2006-3244

2006-06-2710:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

anthill

buglist.php

query.php

vulnerability

remote attack

9.5 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

JSON

Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php.

CPENameOperatorVersion
anthill:anthillanthillle0.2.6
anthill:anthillanthilleq0.3.0

CPE	Name	Operator	Version
anthill:anthill	anthill	le	0.2.6
anthill:anthill	anthill	eq	0.3.0

References

pridels0.blogspot.com/2006/06/anthill-sql-injection-vuln.html

secunia.com/advisories/20838

www.securityfocus.com/bid/18661

www.vupen.com/english/advisories/2006/2529

exchange.xforce.ibmcloud.com/vulnerabilities/27373

9.5 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

JSON