Lucene search

[email protected]CVE-2006-3318

HistoryJun 29, 2006 - 9:05 p.m.

CVE-2006-3318

2006-06-2921:05:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2006-3318

sql injection

phpraid

security vulnerability

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.

Affected configurations

NVD

Node

spiffyjrphpraidMatch3.0.6

CPENameOperatorVersion
spiffyjr:phpraidspiffyjr phpraideq3.0.6

CPE	Name	Operator	Version
spiffyjr:phpraid	spiffyjr phpraid	eq	3.0.6

References

secunia.com/advisories/20865

secunia.com/secunia_research/2006-47/advisory/

securityreason.com/securityalert/1173

www.securityfocus.com/archive/1/438706/100/0/threaded

www.vupen.com/english/advisories/2006/2593

exchange.xforce.ibmcloud.com/vulnerabilities/27459

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2006-3318

nvd1 cvelist1