Lucene search

[email protected]CVE-2006-4748

HistorySep 13, 2006 - 10:07 p.m.

CVE-2006-4748

2006-09-1322:07:00

[email protected]

web.nvd.nist.gov

cve-2006-4748

sql injection

f-art blog:cms

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in © admin/plugins/NP_Referrer.php.

Affected configurations

NVD

Node

f-art_agencyblog_cmsMatch4.1

CPENameOperatorVersion
f-art_agency:blog_cmsf-art agency blog cmseq4.1

CPE	Name	Operator	Version
f-art_agency:blog_cms	f-art agency blog cms	eq	4.1

References

blogcms.com/wiki/changelog

secunia.com/advisories/21808

securityreason.com/securityalert/1566

www.hackers.ir/advisories/blogcms.html

www.osvdb.org/28604

www.osvdb.org/28605

www.osvdb.org/28606

www.securityfocus.com/archive/1/445538/100/0/threaded

www.securityfocus.com/bid/19909

www.vupen.com/english/advisories/2006/3521

exchange.xforce.ibmcloud.com/vulnerabilities/28808

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2006-4748

cvelist1 nvd1