Lucene search

[email protected]CVE-2006-6220

HistoryDec 01, 2006 - 1:28 a.m.

CVE-2006-6220

2006-12-0101:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

vulnerabilities

recipes website

remote attackers

arbitrary sql commands

nvd

9.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON

Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.

CPENameOperatorVersion
recipes_complete_website:recipes_complete_websiterecipes complete websiteeq1.1.14

CPE	Name	Operator	Version
recipes_complete_website:recipes_complete_website	recipes complete website	eq	1.1.14

References

secunia.com/advisories/23083

www.securityfocus.com/bid/21270

www.vupen.com/english/advisories/2006/4686

exchange.xforce.ibmcloud.com/vulnerabilities/30509

www.exploit-db.com/exploits/2834

9.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON