Lucene search

[email protected]CVE-2006-3296

HistoryJun 29, 2006 - 1:05 a.m.

CVE-2006-3296

2006-06-2901:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

3296

sql injection

open guestbook 0.5

security vulnerability

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.2%

JSON

SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter.

CPENameOperatorVersion
george_currums:open_guestbookgeorge currums open guestbookeq0.5

CPE	Name	Operator	Version
george_currums:open_guestbook	george currums open guestbook	eq	0.5

References

secunia.com/advisories/20796

securityreason.com/securityalert/1166

www.securityfocus.com/archive/1/438381/100/0/threaded

www.securityfocus.com/bid/18666

www.vupen.com/english/advisories/2006/2545

exchange.xforce.ibmcloud.com/vulnerabilities/27400

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.2%

JSON