Lucene search

[email protected]CVE-2006-6066

HistoryNov 22, 2006 - 2:07 a.m.

CVE-2006-6066

2006-11-2202:07:00

[email protected]

web.nvd.nist.gov

cve

sql injection

dragon calendar

events listing 2.x

nvd

security vulnerability

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.1 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.5%

JSON

Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to © venue_detail.asp.

Affected configurations

NVD

Node

dragon_internetevents_listingMatch2.0.01

CPENameOperatorVersion
dragon_internet:events_listingdragon internet events listingeq2.0.01

CPE	Name	Operator	Version
dragon_internet:events_listing	dragon internet events listing	eq	2.0.01

References

s-a-p.ca/index.php?page=OurAdvisories&id=32

secunia.com/advisories/22930

www.osvdb.org/30443

www.osvdb.org/30444

www.osvdb.org/30445

www.securityfocus.com/archive/1/451632/100/100/threaded

www.securityfocus.com/bid/21098

www.vupen.com/english/advisories/2006/4533

exchange.xforce.ibmcloud.com/vulnerabilities/30296

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.1 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.5%

JSON

Related for CVE-2006-6066

cvelist1 nvd1