Lucene search

[email protected]CVE-2006-3267

HistoryJun 27, 2006 - 9:05 p.m.

CVE-2006-3267

2006-06-2721:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3267

sql injection

infinite core technologies

remote code execution

security vulnerability

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON

SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.

CPENameOperatorVersion
infinite_core_technologies:ictinfinite core technologies ictle1.0_gold

CPE	Name	Operator	Version
infinite_core_technologies:ict	infinite core technologies ict	le	1.0_gold

References

pridels0.blogspot.com/2006/06/ict-infinite-core-technologies-vuln.html

secunia.com/advisories/20806

www.securityfocus.com/bid/18644

www.vupen.com/english/advisories/2006/2517

exchange.xforce.ibmcloud.com/vulnerabilities/27360

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON