Lucene search

[email protected]CVE-2006-6233

HistoryDec 02, 2006 - 11:28 a.m.

CVE-2006-6233

2006-12-0211:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6233

sql injection

postnuke

downloads module

vulnerability

remote attackers

arbitrary sql commands

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.

Affected configurations

NVD

Node

postnuke_software_foundationpostnukeMatch0.76_rc4

postnuke_software_foundationpostnukeMatch0.76_rc4a

postnuke_software_foundationpostnukeMatch0.76_rc4b

postnuke_software_foundationpostnukeMatch0.760_rc2

postnuke_software_foundationpostnukeMatch0.760_rc3

postnuke_software_foundationpostnukeMatch0.760_rc4

postnuke_software_foundationpostnukeMatch0.761

postnuke_software_foundationpostnukeMatch0.761a

postnuke_software_foundationpostnukeMatch0.762

postnuke_software_foundationpostnukeMatch0.763

CPENameOperatorVersion
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.76_rc4
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.76_rc4a
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.76_rc4b
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.760_rc2
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.760_rc3
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.760_rc4
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.761
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.761a
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.762
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.763

CPE	Name	Operator	Version
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.76_rc4
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.76_rc4a
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.76_rc4b
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.760_rc2
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.760_rc3
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.760_rc4
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.761
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.761a
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.762
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.763

References

securityreason.com/securityalert/1952

www.securityfocus.com/archive/1/437832/100/200/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/27501

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2006-6233

nvd1 cvelist1