Lucene search

[email protected]CVE-2006-6709

HistoryDec 23, 2006 - 1:28 a.m.

CVE-2006-6709

2006-12-2301:28:00

[email protected]

web.nvd.nist.gov

mginternet property site manager

sql injection

remote attackers

arbitrary commands

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.6%

JSON

Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to © admin_login.asp. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

mginternetproperty_site_manager

CPENameOperatorVersion
mginternet:property_site_managermginternet property site managereq*

CPE	Name	Operator	Version
mginternet:property_site_manager	mginternet property site manager	eq	*

References

securityreason.com/securityalert/2078

www.securityfocus.com/archive/1/451565

www.securityfocus.com/bid/21073

exchange.xforce.ibmcloud.com/vulnerabilities/30289

exchange.xforce.ibmcloud.com/vulnerabilities/30291

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.6%

JSON

Related for CVE-2006-6709

cvelist1 nvd1