Lucene search

[email protected]CVE-2006-6191

HistoryDec 01, 2006 - 12:28 a.m.

CVE-2006-6191

2006-12-0100:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

admin

edit.asp

8pixel.net

simpleblog 2.3

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.8%

JSON

SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CPENameOperatorVersion
8pixel.net:simple_blog8pixel.net simple blogeq2.1
8pixel.net:simple_blog8pixel.net simple blogle2.3
8pixel.net:simple_blog8pixel.net simple blogeq2.0
8pixel.net:simple_blog8pixel.net simple blogeq2.2

CPE	Name	Operator	Version
8pixel.net:simple_blog	8pixel.net simple blog	eq	2.1
8pixel.net:simple_blog	8pixel.net simple blog	le	2.3
8pixel.net:simple_blog	8pixel.net simple blog	eq	2.0
8pixel.net:simple_blog	8pixel.net simple blog	eq	2.2

References

secunia.com/advisories/23098

www.vupen.com/english/advisories/2006/4742

exchange.xforce.ibmcloud.com/vulnerabilities/30483

www.exploit-db.com/exploits/2853

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.8%

JSON