Lucene search

[email protected]CVE-2006-4347

HistoryAug 24, 2006 - 9:04 p.m.

CVE-2006-4347

2006-08-2421:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4347

sql injection

cool manager

authentication

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.2%

JSON

SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field.

Affected configurations

NVD

Node

jirancool_managerMatch5.0

jirancool_messenger_office_school_serverMatch5.5

CPENameOperatorVersion
jiran:cool_managerjiran cool managereq5.0
jiran:cool_messenger_office_school_serverjiran cool messenger office school servereq5.5

CPE	Name	Operator	Version
jiran:cool_manager	jiran cool manager	eq	5.0
jiran:cool_messenger_office_school_server	jiran cool messenger office school server	eq	5.5

References

archives.neohapsis.com/archives/fulldisclosure/2006-08/0605.html

secunia.com/advisories/21569

vuln.sg/coolmessenger55-en.html

www.osvdb.org/28117

www.securityfocus.com/bid/19669

www.vupen.com/english/advisories/2006/3362

exchange.xforce.ibmcloud.com/vulnerabilities/28531

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2006-4347

cvelist1 nvd1