Lucene search

[email protected]CVE-2006-4284

HistoryAug 22, 2006 - 5:04 p.m.

CVE-2006-4284

2006-08-2217:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

4284

sql injection

vulnerability

lblog 1.05

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON

SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CPENameOperatorVersion
lblog:lbloglblogeq1.05

CPE	Name	Operator	Version
lblog:lblog	lblog	eq	1.05

References

secunia.com/advisories/21596

securityreason.com/securityalert/1445

securitytracker.com/id?1016721

www.osvdb.org/28036

www.securityfocus.com/archive/1/443872/100/0/threaded

www.securityfocus.com/bid/19607

exchange.xforce.ibmcloud.com/vulnerabilities/28472

www.exploit-db.com/exploits/2230

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON