Lucene search

MitreCVE-2006-3852

HistoryJul 25, 2006 - 11:04 p.m.

CVE-2006-3852

2006-07-2523:04:00

mitre

web.nvd.nist.gov

cve-2006-3852

xss vulnerability

micro guestbook

sql injection

index.php

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment (“text”) fields.

Affected configurations

Nvd

Node

phptoysmicro_guestbook

VendorProductVersionCPE
phptoysmicro_guestbook*cpe:2.3:a:phptoys:micro_guestbook:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phptoys	micro_guestbook	*	cpe:2.3:a:phptoys:micro_guestbook::::::::

References

it.security.netsons.org/exploit/MicroGuestBook.txt

secunia.com/advisories/21155

securityreason.com/securityalert/1285

www.osvdb.org/28677

www.securityfocus.com/archive/1/440855/100/0/threaded

www.securityfocus.com/bid/19119

www.vupen.com/english/advisories/2006/2935

exchange.xforce.ibmcloud.com/vulnerabilities/27911

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

Related for CVE-2006-3852