Lucene search

K
cve[email protected]CVE-2006-3359
HistoryJul 06, 2006 - 8:05 p.m.

CVE-2006-3359

2006-07-0620:05:00
NVD-CWE-Other
web.nvd.nist.gov
18
cve-2006-3359
newsphp 2006 pro
sql injection
web script injection
html injection
remote attack

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

82.9%

Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php.

CPENameOperatorVersion
newsphp:newsphpnewsphpeq2006_pro

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

82.9%