Lucene search

[email protected]CVE-2006-3365

HistoryJul 06, 2006 - 8:05 p.m.

CVE-2006-3365

2006-07-0620:05:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2006-3365

v3 chat

remote attackers

installation path

sql statement

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

7.6 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

JSON

V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.

Affected configurations

NVD

Node

v3_chatv3_chatMatchbeta

CPENameOperatorVersion
v3_chat:v3_chatv3 chateqbeta

CPE	Name	Operator	Version
v3_chat:v3_chat	v3 chat	eq	beta

References

securitytracker.com/id?1016340

www.securityfocus.com/archive/1/437755/100/200/threaded

www.securityfocus.com/archive/1/438069/100/200/threaded

www.securityfocus.com/bid/18543

www.vupen.com/english/advisories/2006/2474

exchange.xforce.ibmcloud.com/vulnerabilities/27395

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

7.6 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2006-3365

cvelist1 nvd1