Lucene search

[email protected]CVE-2006-6355

HistoryDec 07, 2006 - 1:28 a.m.

CVE-2006-6355

2006-12-0701:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

130

cve-2006-6355

sql injection

default.asp

duware duclassmate

icity parameter

remote code execution

8.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.4%

JSON

SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.

CPENameOperatorVersion
duware:duclassmateduware duclassmateeq*

CPE	Name	Operator	Version
duware:duclassmate	duware duclassmate	eq	*

References

securityreason.com/securityalert/1997

www.aria-security.com/forum/showthread.php?t=59

www.securityfocus.com/archive/1/453318/100/0/threaded

www.securityfocus.com/bid/24637

exchange.xforce.ibmcloud.com/vulnerabilities/30672

8.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2006-6355

nessus1 cve1