Lucene search

[email protected]CVE-2006-3886

HistoryJul 27, 2006 - 1:04 a.m.

CVE-2006-3886

2006-07-2701:04:00

[email protected]

web.nvd.nist.gov

cve-2006-3886

sql injection

shalwan musicbox

remote attackers

arbitrary commands

nvd

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON

SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360.

Affected configurations

NVD

Node

musicboxmusicboxMatch2.3

musicboxmusicboxMatch2.3.3

musicboxmusicboxMatch2.3.4

musicboxmusicboxMatch2.3_beta_2

CPENameOperatorVersion
musicbox:musicboxmusicboxeq2.3
musicbox:musicboxmusicboxeq2.3.3
musicbox:musicboxmusicboxeq2.3.4
musicbox:musicboxmusicboxeq2.3_beta_2

CPE	Name	Operator	Version
musicbox:musicbox	musicbox	eq	2.3
musicbox:musicbox	musicbox	eq	2.3.3
musicbox:musicbox	musicbox	eq	2.3.4
musicbox:musicbox	musicbox	eq	2.3_beta_2

References

securityreason.com/securityalert/1284

www.securityfocus.com/archive/1/441000/100/0/threaded

www.securityfocus.com/bid/19129

exchange.xforce.ibmcloud.com/vulnerabilities/27926

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON

Related for CVE-2006-3886

cvelist3 nvd3 prion2 cve2