Lucene search

[email protected]CVE-2006-6521

HistoryDec 14, 2006 - 1:28 a.m.

CVE-2006-6521

2006-12-1401:28:00

[email protected]

web.nvd.nist.gov

cve

2006

6521

sql injection

vulnerability

messageriescripthp 2.0

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

JSON

SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter.

Affected configurations

NVD

Node

scriptphpmessageriescripthpMatch2.0

CPENameOperatorVersion
scriptphp:messageriescripthpscriptphp messageriescripthpeq2.0

CPE	Name	Operator	Version
scriptphp:messageriescripthp	scriptphp messageriescripthp	eq	2.0

References

secunia.com/advisories/23319

securityreason.com/securityalert/2026

www.securityfocus.com/archive/1/453965/100/0/threaded

www.securityfocus.com/bid/21513

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for CVE-2006-6521

cvelist1 nvd1