Lucene search

[email protected]CVE-2006-3525

HistoryJul 12, 2006 - 12:05 a.m.

CVE-2006-3525

2006-07-1200:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3525

sql injection

phcdownload

security vulnerability

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.6%

JSON

SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CPENameOperatorVersion
phpcredo:phcdownloadphpcredo phcdownloadeq1.0.0_final
phpcredo:phcdownloadphpcredo phcdownloadle1.0.0_release_candidate_6

CPE	Name	Operator	Version
phpcredo:phcdownload	phpcredo phcdownload	eq	1.0.0_final
phpcredo:phcdownload	phpcredo phcdownload	le	1.0.0_release_candidate_6

References

pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html

exchange.xforce.ibmcloud.com/vulnerabilities/27238

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.6%

JSON

Related for CVE-2006-3525

cvelist1