Lucene search

[email protected]CVE-2006-5030

HistorySep 27, 2006 - 11:07 p.m.

CVE-2006-5030

2006-09-2723:07:00

[email protected]

web.nvd.nist.gov

sql injection

exv2

vulnerability

remote authentication

nvd

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.1%

JSON

SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.

Affected configurations

NVD

Node

exv2content_management_systemRange≤2.0.4.3

CPENameOperatorVersion
exv2:content_management_systemexv2 content management systemle2.0.4.3

CPE	Name	Operator	Version
exv2:content_management_system	exv2 content management system	le	2.0.4.3

References

secunia.com/advisories/22045

www.securityfocus.com/bid/20143

exchange.xforce.ibmcloud.com/vulnerabilities/29079

www.exploit-db.com/exploits/2406

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.1%

JSON

Related for CVE-2006-5030

nvd1 cvelist1