Lucene search

MitreCVE-2006-3307

HistoryJun 29, 2006 - 1:05 a.m.

CVE-2006-3307

2006-06-2901:05:00

mitre

web.nvd.nist.gov

project eros

bbsengine

sql injection

security vulnerability

remote attack

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

74.9%

JSON

Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php.

Affected configurations

Nvd

Node

zoid_technologiesproject_eros_bbsengineMatch2006-02-23

VendorProductVersionCPE
zoid_technologiesproject_eros_bbsengine2006-02-23cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-02-23:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zoid_technologies	project_eros_bbsengine	2006-02-23	cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-02-23:::::::*

References

secunia.com/advisories/20760

www.securityfocus.com/bid/18627

www.vupen.com/english/advisories/2006/2503

www.zoidtechnologies.com/projects/bbsengine/ChangeLog

exchange.xforce.ibmcloud.com/vulnerabilities/27408

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

74.9%

JSON

Related for CVE-2006-3307