Lucene search

[email protected]CVE-2006-4238

HistoryAug 21, 2006 - 6:04 p.m.

CVE-2006-4238

2006-08-2118:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4238

sql injection

webtorrent

wtcom

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

JSON

SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode.

Affected configurations

NVD

Node

wtcomweb_torrentRange≤0.2.4_alpha

wtcomweb_torrentMatch0.1_alpha

wtcomweb_torrentMatch0.2.1_alpha

wtcomweb_torrentMatch0.2.2_alpha

wtcomweb_torrentMatch0.2.3_alpha

wtcomweb_torrentMatch0.2_alpha

CPENameOperatorVersion
wtcom:web_torrentwtcom web torrentle0.2.4_alpha
wtcom:web_torrentwtcom web torrenteq0.1_alpha
wtcom:web_torrentwtcom web torrenteq0.2.1_alpha
wtcom:web_torrentwtcom web torrenteq0.2.2_alpha
wtcom:web_torrentwtcom web torrenteq0.2.3_alpha
wtcom:web_torrentwtcom web torrenteq0.2_alpha

CPE	Name	Operator	Version
wtcom:web_torrent	wtcom web torrent	le	0.2.4_alpha
wtcom:web_torrent	wtcom web torrent	eq	0.1_alpha
wtcom:web_torrent	wtcom web torrent	eq	0.2.1_alpha
wtcom:web_torrent	wtcom web torrent	eq	0.2.2_alpha
wtcom:web_torrent	wtcom web torrent	eq	0.2.3_alpha
wtcom:web_torrent	wtcom web torrent	eq	0.2_alpha

References

www.securityfocus.com/bid/19569

exchange.xforce.ibmcloud.com/vulnerabilities/28426

www.exploit-db.com/exploits/2200

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for CVE-2006-4238

cvelist1 nvd1