Lucene search

[email protected]CVE-2006-4853

HistorySep 19, 2006 - 1:07 a.m.

CVE-2006-4853

2006-09-1901:07:00

[email protected]

web.nvd.nist.gov

cve-2006-4853

sql injection

kategorix.asp

haberx 1.02

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp.

Affected configurations

NVD

Node

haberxhaberxMatch1.0.2

haberxhaberxMatch1.0.3

haberxhaberxMatch1.0.9

haberxhaberxMatch1.1

CPENameOperatorVersion
haberx:haberxhaberxeq1.0.2
haberx:haberxhaberxeq1.0.3
haberx:haberxhaberxeq1.0.9
haberx:haberxhaberxeq1.1

CPE	Name	Operator	Version
haberx:haberx	haberx	eq	1.0.2
haberx:haberx	haberx	eq	1.0.3
haberx:haberx	haberx	eq	1.0.9
haberx:haberx	haberx	eq	1.1

References

packetstorm.linuxsecurity.com/0609-exploits/haberx.txt

secunia.com/advisories/21960

www.securityfocus.com/bid/20038

www.vupen.com/english/advisories/2006/3661

exchange.xforce.ibmcloud.com/vulnerabilities/28988

www.exploit-db.com/exploits/2371

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

Related for CVE-2006-4853

cvelist1 nvd1