Lucene search

[email protected]CVE-2006-4876

HistorySep 19, 2006 - 9:07 p.m.

CVE-2006-4876

2006-09-1921:07:00

[email protected]

web.nvd.nist.gov

jupiter cms

sql injection

remote attackers

arbitrary commands

security vulnerabilities

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.8%

JSON

Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register.

Affected configurations

NVD

Node

jupiter_cmsjupiter_cms

CPENameOperatorVersion
jupiter_cms:jupiter_cmsjupiter cmseq*

CPE	Name	Operator	Version
jupiter_cms:jupiter_cms	jupiter cms	eq	*

References

securityreason.com/securityalert/1608

www.securityfocus.com/archive/1/446064/100/0/threaded

www.securityfocus.com/bid/20048

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.8%

JSON

Related for CVE-2006-4876

cvelist1 nvd1