Lucene search

[email protected]CVE-2006-6195

HistoryDec 01, 2006 - 12:28 a.m.

CVE-2006-6195

2006-12-0100:28:00

[email protected]

web.nvd.nist.gov

fixit

idms pro

image gallery

sql injection

vulnerabilities

remote attackers

arbitrary commands

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.1%

JSON

Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp.

Affected configurations

NVD

Node

fixit_knowledge_solutionsidms_pro_image_gallery

CPENameOperatorVersion
fixit_knowledge_solutions:idms_pro_image_galleryfixit knowledge solutions idms pro image galleryeq*

CPE	Name	Operator	Version
fixit_knowledge_solutions:idms_pro_image_gallery	fixit knowledge solutions idms pro image gallery	eq	*

References

securitytracker.com/id?1017281

www.aria-security.com/forum/showthread.php?t=39

www.securityfocus.com/archive/1/452567/100/0/threaded

www.securityfocus.com/bid/21282

exchange.xforce.ibmcloud.com/vulnerabilities/30513

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.1%

JSON

Related for CVE-2006-6195

nvd1 cvelist1