Lucene search

[email protected]CVE-2006-6095

HistoryNov 24, 2006 - 6:07 p.m.

CVE-2006-6095

2006-11-2418:07:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2006

6095

sql injection

activenews manager

remote attackers

arbitrary sql commands

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.0%

JSON

Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.

CPENameOperatorVersion
dotnetindex:active_news_managerdotnetindex active news managereq*

CPE	Name	Operator	Version
dotnetindex:active_news_manager	dotnetindex active news manager	eq	*

References

marc.info/?l=bugtraq&m=116387481223790&w=2

www.aria-security.com/forum/showthread.php?t=33

www.osvdb.org/31568

www.osvdb.org/31569

www.securityfocus.com/bid/21167

exchange.xforce.ibmcloud.com/vulnerabilities/30352

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for CVE-2006-6095

cve1