Lucene search

[email protected]CVE-2006-6094

HistoryNov 24, 2006 - 6:07 p.m.

CVE-2006-6094

2006-11-2418:07:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2006

6094

activenews manager

sql injection

remote attackers

arbitrary sql commands

catid

articleid

query

nvd

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.1%

JSON

Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.

CPENameOperatorVersion
dotnetindex:active_news_managerdotnetindex active news managereq*

CPE	Name	Operator	Version
dotnetindex:active_news_manager	dotnetindex active news manager	eq	*

References

marc.info/?l=bugtraq&m=116388432326444&w=2

s-a-p.ca/index.php?page=OurAdvisories&id=31

secunia.com/advisories/22981

securityreason.com/securityalert/1910

www.aria-security.com/forum/showthread.php?t=33

www.osvdb.org/30518

www.osvdb.org/30519

www.osvdb.org/30520

www.securityfocus.com/archive/1/451884/100/100/threaded

www.securityfocus.com/archive/1/452015

www.securityfocus.com/bid/21167

www.vupen.com/english/advisories/2006/4600

exchange.xforce.ibmcloud.com/vulnerabilities/30352

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2006-6094

cve1