Lucene search

[email protected]CVE-2006-6387

HistoryDec 08, 2006 - 1:28 a.m.

CVE-2006-6387

2006-12-0801:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6387

sql injection

link cms

remote code execution

nvd

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.2%

JSON

Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CPENameOperatorVersion
link_content_management_server:link_content_management_serverlink content management servereq*

CPE	Name	Operator	Version
link_content_management_server:link_content_management_server	link content management server	eq	*

References

secunia.com/advisories/23107

www.securityfocus.com/bid/21464

exchange.xforce.ibmcloud.com/vulnerabilities/30744

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.2%

JSON