Lucene search

[email protected]CVE-2006-4601

HistorySep 07, 2006 - 12:04 a.m.

CVE-2006-4601

2006-09-0700:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4601

sql injection

annuaire 1two 2.2

security vulnerability

remote attackers

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CPENameOperatorVersion
annuaire:1twoannuaire 1twoeq2.2

CPE	Name	Operator	Version
annuaire:1two	annuaire 1two	eq	2.2

References

acid-root.new.fr/poc/09060902.txt

secunia.com/advisories/21734

securityreason.com/securityalert/1496

www.securityfocus.com/archive/1/445010/100/0/threaded

www.securityfocus.com/bid/19817

www.vupen.com/english/advisories/2006/3440

exchange.xforce.ibmcloud.com/vulnerabilities/28730

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON