Lucene search

[email protected]CVE-2006-6132

HistoryNov 28, 2006 - 1:07 a.m.

CVE-2006-6132

2006-11-2801:07:00

[email protected]

web.nvd.nist.gov

cve-2006-6132

sql injection

link exchange lite

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.8%

JSON

Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.

Affected configurations

NVD

Node

softacidlink_exchange_liteMatch1.0

CPENameOperatorVersion
softacid:link_exchange_litesoftacid link exchange liteeq1.0

CPE	Name	Operator	Version
softacid:link_exchange_lite	softacid link exchange lite	eq	1.0

References

s-a-p.ca/index.php?page=OurAdvisories&id=53

secunia.com/advisories/23068

securityreason.com/securityalert/1920

www.securityfocus.com/archive/1/452256/100/0/threaded

www.securityfocus.com/bid/21239

www.vupen.com/english/advisories/2006/4656

exchange.xforce.ibmcloud.com/vulnerabilities/30460

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2006-6132

cvelist1 nvd1