Lucene search

[email protected]CVE-2006-4891

HistorySep 19, 2006 - 10:07 p.m.

CVE-2006-4891

2006-09-1922:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

articlestableview.asp

techno dreams

security vulnerability

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON

SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

CPENameOperatorVersion
techno_dreams:articles_and_papers_packagetechno dreams articles and papers packagele2.0

CPE	Name	Operator	Version
techno_dreams:articles_and_papers_package	techno dreams articles and papers package	le	2.0

References

secunia.com/advisories/21976

securityreason.com/securityalert/1613

www.securityfocus.com/archive/1/446312/100/0/threaded

www.securityfocus.com/bid/20073

www.vupen.com/english/advisories/2006/3682

exchange.xforce.ibmcloud.com/vulnerabilities/28978

www.exploit-db.com/exploits/2386

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON