Lucene search

[email protected]CVE-2006-3262

HistoryJun 27, 2006 - 9:05 p.m.

CVE-2006-3262

2006-06-2721:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

3262

sql injection

vulnerability

weblinks module

mambo

remote attackers

sql commands

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

91.0%

JSON

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

CPENameOperatorVersion
mambo:mambomambole4.6

CPE	Name	Operator	Version
mambo:mambo	mambo	le	4.6

References

retrogod.altervista.org/mambo_46rc1_sql.html

secunia.com/advisories/20745

securityreason.com/securityalert/1158

securitytracker.com/id?1016334

www.mamboserver.com/?option=com_content&task=view&id=207

www.osvdb.org/26624

www.securityfocus.com/archive/1/437496/100/100/threaded

www.securityfocus.com/bid/18492

www.vupen.com/english/advisories/2006/2416

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

91.0%

JSON

Related for CVE-2006-3262

cvelist1 nessus1 openvas2 freebsd1