Lucene search

[email protected]CVE-2006-6268

HistoryDec 04, 2006 - 11:28 a.m.

CVE-2006-6268

2006-12-0411:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6268

sql injection

neocrome land down under

ldu

remote authenticated users

arbitrary sql commands

8.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

59.2%

JSON

SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by “default.gif” followed by a double-encoded NULL and ’ (apostrophe) (%2500%2527).

CPENameOperatorVersion
neocrome:land_down_underneocrome land down underle8.0

CPE	Name	Operator	Version
neocrome:land_down_under	neocrome land down under	le	8.0

References

securityreason.com/securityalert/1954

www.nukedx.com/?viewdoc=51

www.securityfocus.com/archive/1/452259/100/100/threaded

www.securityfocus.com/bid/21227

8.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for CVE-2006-6268

cvelist1