Lucene search

[email protected]CVE-2006-3474

HistoryJul 10, 2006 - 8:05 p.m.

CVE-2006-3474

2006-07-1020:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3474

sql injection

belchior foundry vcard pro

security vulnerability

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.5%

JSON

Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and © create.php, and the (3) event_id parameter to (d) search.php.

CPENameOperatorVersion
belchior_foundry:vcardbelchior foundry vcardeqpro

CPE	Name	Operator	Version
belchior_foundry:vcard	belchior foundry vcard	eq	pro

References

securityreason.com/securityalert/1230

www.securityfocus.com/archive/1/438589/100/100/threaded

www.securityfocus.com/bid/18699

exchange.xforce.ibmcloud.com/vulnerabilities/27427

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.5%

JSON