Lucene search

MitreCVE-2006-6274

HistoryDec 04, 2006 - 11:28 a.m.

CVE-2006-6274

2006-12-0411:28:00

mitre

web.nvd.nist.gov

cve-2006-6274

sql injection

expinion.net

inp publisher

nvd

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.005

Percentile

77.2%

JSON

SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The original report was for News Manager, but there is strong evidence that the correct product is Publisher.

Affected configurations

Nvd

Node

expinion.netinews_publisherRange≤2.5

expinion.netnews_manager

VendorProductVersionCPE
expinion.netinews_publisher*cpe:2.3:a:expinion.net:inews_publisher:*:*:*:*:*:*:*:*
expinion.netnews_manager*cpe:2.3:a:expinion.net:news_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
expinion.net	inews_publisher	*	cpe:2.3:a:expinion.net:inews_publisher::::::::
expinion.net	news_manager	*	cpe:2.3:a:expinion.net:news_manager::::::::

References

attrition.org/pipermail/vim/2006-November/001147.html

secunia.com/advisories/23123

securityreason.com/securityalert/1956

www.aria-security.com/forum/showthread.php?t=40

www.securityfocus.com/archive/1/452572/100/0/threaded

www.securityfocus.com/bid/21296

www.vupen.com/english/advisories/2006/4707

exchange.xforce.ibmcloud.com/vulnerabilities/30510

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.005

Percentile

77.2%

JSON

Related for CVE-2006-6274