Lucene search

[email protected]CVE-2006-4042

HistoryAug 09, 2006 - 11:04 p.m.

CVE-2006-4042

2006-08-0923:04:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2006-4042

sql injection

mywebland

mybloggie

trackback.php

vulnerability

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.

Affected configurations

NVD

Node

myweblandmybloggieRange≤2.1.4

CPENameOperatorVersion
mywebland:mybloggiemywebland mybloggiele2.1.4

CPE	Name	Operator	Version
mywebland:mybloggie	mywebland mybloggie	le	2.1.4

References

retrogod.altervista.org/mybloggie_214_sql.html

secunia.com/advisories/21376

securityreason.com/securityalert/1347

www.securityfocus.com/archive/1/442323/100/0/threaded

www.securityfocus.com/bid/19362

www.vupen.com/english/advisories/2006/3179

exchange.xforce.ibmcloud.com/vulnerabilities/28241

www.exploit-db.com/exploits/2118

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for CVE-2006-4042

nvd1 cvelist1