Lucene search

[email protected]CVE-2006-6157

HistoryNov 28, 2006 - 11:28 p.m.

CVE-2006-6157

2006-11-2823:28:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2006

6157

sql injection

index.php

contentnow

vulnerability

remote attackers

arbitrary sql commands

pageid parameter

path disclosure

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.203 Low

EPSS

Percentile

96.4%

JSON

SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.

Affected configurations

NVD

Node

michaelis_freundecontentnowRange≤1.39

CPENameOperatorVersion
michaelis_freunde:contentnowmichaelis freunde contentnowle1.39

CPE	Name	Operator	Version
michaelis_freunde:contentnow	michaelis freunde contentnow	le	1.39

References

secunia.com/advisories/23005

securityreason.com/securityalert/1925

securitytracker.com/id?1017265

sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437

www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl

www.securityfocus.com/archive/1/452231/100/100/threaded

www.securityfocus.com/bid/21237

www.vupen.com/english/advisories/2006/4663

exchange.xforce.ibmcloud.com/vulnerabilities/30459

www.exploit-db.com/exploits/2822

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.203 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2006-6157

nvd1 cvelist1