Lucene search

[email protected]CVE-2006-5955

HistoryNov 17, 2006 - 12:07 a.m.

CVE-2006-5955

2006-11-1700:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5955

sql injection

20/20 datashed

real estate listing system

remote attackers

arbitrary sql commands

itemid parameter

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.0%

JSON

SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
20_20_applications:20_20_datashed20 20 applications 20 20 datashedeq*

CPE	Name	Operator	Version
20_20_applications:20_20_datashed	20 20 applications 20 20 datashed	eq	*

References

aria-security.net/advisory/Real%20Estate%20Listing%20System.txt

secunia.com/advisories/22894

www.securityfocus.com/archive/1/451503/100/200/threaded

www.securityfocus.com/bid/21109

www.vupen.com/english/advisories/2006/4526

exchange.xforce.ibmcloud.com/vulnerabilities/30258

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2006-5955

cve1