Lucene search

[email protected]CVE-2006-3254

HistoryJun 28, 2006 - 1:45 a.m.

CVE-2006-3254

2006-06-2801:45:00

[email protected]

web.nvd.nist.gov

cve-2006-3254

sql injection

woltlab burning board

wbb 2.0 rc2

newthread.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.

Affected configurations

NVD

Node

woltlabburning_boardMatch2.0_rc2

CPENameOperatorVersion
woltlab:burning_boardwoltlab burning boardeq2.0_rc2

CPE	Name	Operator	Version
woltlab:burning_board	woltlab burning board	eq	2.0_rc2

References

securityreason.com/securityalert/1154

securitytracker.com/id?1016374

www.securityfocus.com/archive/1/438252

www.securityfocus.com/bid/18597

exchange.xforce.ibmcloud.com/vulnerabilities/27350

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for CVE-2006-3254

cvelist1 nvd1