CVE-2006-5840
8.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.6%
Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version
References
attrition.org/pipermail/vim/2006-December/001190.html
s-a-p.ca/index.php?page=OurAdvisories&id=7
secunia.com/advisories/22792
securityreason.com/securityalert/1840
www.attrition.org/pipermail/vim/2006-December/001170.html
www.osvdb.org/30249
www.osvdb.org/30250
www.securityfocus.com/archive/1/450946/100/0/threaded
www.securityfocus.com/bid/20970
www.vupen.com/english/advisories/2006/4418
exchange.xforce.ibmcloud.com/vulnerabilities/30135
8.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.6%