Lucene search

[email protected]CVE-2006-3905

HistoryJul 27, 2006 - 10:04 p.m.

CVE-2006-3905

2006-07-2722:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

3905

sql injection

webland mybloggie

security vulnerability

index.php

remote attackers

nvd

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.

CPENameOperatorVersion
mywebland:mybloggiemywebland mybloggieeq2.1.3_beta
mywebland:mybloggiemywebland mybloggieeq2.1.3

CPE	Name	Operator	Version
mywebland:mybloggie	mywebland mybloggie	eq	2.1.3_beta
mywebland:mybloggie	mywebland mybloggie	eq	2.1.3

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html

marc.info/?l=bugtraq&m=114791192612460&w=2

www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt

www.osvdb.org/displayvuln.php?osvdb_id=26559

www.osvdb.org/displayvuln.php?osvdb_id=26560

www.securityfocus.com/archive/1/441356/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26486

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2006-3905

cvelist1