Lucene search

[email protected]CVE-2006-3309

HistoryJun 29, 2006 - 1:05 a.m.

CVE-2006-3309

2006-06-2901:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3309

sql injection

spt

forumtopics.php

scout portal toolkit

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.2%

JSON

SQL injection vulnerability in SPT–ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

CPENameOperatorVersion
internet_scout_project:scout_portal_toolkitinternet scout project scout portal toolkitle1.4.0

CPE	Name	Operator	Version
internet_scout_project:scout_portal_toolkit	internet scout project scout portal toolkit	le	1.4.0

References

secunia.com/advisories/20857

www.osvdb.org/26870

www.securityfocus.com/bid/18688

www.vupen.com/english/advisories/2006/2560

exchange.xforce.ibmcloud.com/vulnerabilities/27401

www.exploit-db.com/exploits/1957

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for CVE-2006-3309

nessus1