Lucene search

[email protected]CVE-2006-3536

HistoryJul 12, 2006 - 9:05 p.m.

CVE-2006-3536

2006-07-1221:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3536

security vulnerability

code injection

remote execution

ej3 topo

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON

Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports.

CPENameOperatorVersion
ej3:topoej3 topoeq2.2
ej3:topoej3 topoeq2.2.178

CPE	Name	Operator	Version
ej3:topo	ej3 topo	eq	2.2
ej3:topo	ej3 topo	eq	2.2.178

References

www.securityfocus.com/bid/18935

www.vupen.com/english/advisories/2006/2736

exchange.xforce.ibmcloud.com/vulnerabilities/27659

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON