Lucene search

[email protected]CVE-2006-5640

HistoryNov 01, 2006 - 12:07 a.m.

CVE-2006-5640

2006-11-0100:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5640

sql injection

remote code execution

techno dreams guest book 1.0

guestbookview.asp

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.5%

JSON

SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

CPENameOperatorVersion
techno_dreams:techno_dreams_guest_booktechno dreams techno dreams guest bookle1.0

CPE	Name	Operator	Version
techno_dreams:techno_dreams_guest_book	techno dreams techno dreams guest book	le	1.0

References

secunia.com/advisories/22600

www.securityfocus.com/bid/20802

www.vupen.com/english/advisories/2006/4277

exchange.xforce.ibmcloud.com/vulnerabilities/29869

www.exploit-db.com/exploits/2684

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.5%

JSON