Lucene search

MitreCVE-2006-5927

HistoryNov 16, 2006 - 12:07 a.m.

CVE-2006-5927

2006-11-1600:07:00

mitre

web.nvd.nist.gov

sql injection

cplogin.asp

asp scripter easy portal 1.4

live support 1.3

nvd

cve-2006-5927

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.006

Percentile

79.5%

JSON

SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter.

Affected configurations

Nvd

Node

asp_scriptereasy_portalMatch1.4

asp_scripterlive_supportMatch1.3

VendorProductVersionCPE
asp_scriptereasy_portal1.4cpe:2.3:a:asp_scripter:easy_portal:1.4:*:*:*:*:*:*:*
asp_scripterlive_support1.3cpe:2.3:a:asp_scripter:live_support:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asp_scripter	easy_portal	1.4	cpe:2.3:a:asp_scripter:easy_portal:1.4:::::::*
asp_scripter	live_support	1.3	cpe:2.3:a:asp_scripter:live_support:1.3:::::::*

References

secunia.com/advisories/22856

securityreason.com/securityalert/1874

www.securityfocus.com/archive/1/451370/100/0/threaded

www.securityfocus.com/bid/21031

www.vupen.com/english/advisories/2006/4499

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.006

Percentile

79.5%

JSON

Related for CVE-2006-5927