Lucene search

[email protected]CVE-2006-4107

HistoryAug 14, 2006 - 8:04 p.m.

CVE-2006-4107

2006-08-1420:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4107

sql injection

drupal

job search module

remote attackers

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.5%

JSON

SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.

Affected configurations

NVD

Node

drupaljob_searchMatch4.6_rev1.3.2

CPENameOperatorVersion
drupal:job_searchdrupal job searcheq4.6_rev1.3.2

CPE	Name	Operator	Version
drupal:job_search	drupal job search	eq	4.6_rev1.3.2

References

drupal.org/node/77537

secunia.com/advisories/21380

www.securityfocus.com/bid/19420

www.vupen.com/english/advisories/2006/3187

exchange.xforce.ibmcloud.com/vulnerabilities/28274

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2006-4107

nvd1 cvelist1