Lucene search

MitreCVE-2006-6193

HistoryDec 01, 2006 - 12:28 a.m.

CVE-2006-6193

2006-12-0100:28:00

mitre

web.nvd.nist.gov

sql injection

edit.asp

basicforum 1.1

remote attackers

arbitrary commands

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

Nvd

Node

basicforumbasicforumMatch1.1

VendorProductVersionCPE
basicforumbasicforum1.1cpe:2.3:a:basicforum:basicforum:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
basicforum	basicforum	1.1	cpe:2.3:a:basicforum:basicforum:1.1:::::::*

References

secunia.com/advisories/23102

www.securityfocus.com/bid/21293

www.vupen.com/english/advisories/2006/4703

exchange.xforce.ibmcloud.com/vulnerabilities/30487

www.exploit-db.com/exploits/2848

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

Related for CVE-2006-6193