Lucene search

[email protected]CVE-2006-5140

HistoryOct 03, 2006 - 4:03 a.m.

CVE-2006-5140

2006-10-0304:03:00

[email protected]

web.nvd.nist.gov

cve-2006-5140

sql injection

display.php

phpkimagehost

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

JSON

SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

NVD

Node

lappy512php_krazy_image_host_scriptMatch0.7a

CPENameOperatorVersion
lappy512:php_krazy_image_host_scriptlappy512 php krazy image host scripteq0.7a

CPE	Name	Operator	Version
lappy512:php_krazy_image_host_script	lappy512 php krazy image host script	eq	0.7a

References

www.securityfocus.com/bid/20270

exchange.xforce.ibmcloud.com/vulnerabilities/29270

www.exploit-db.com/exploits/2456

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for CVE-2006-5140

cvelist1 nvd1