Lucene search

[email protected]CVE-2006-6831

HistoryDec 31, 2006 - 5:00 a.m.

CVE-2006-6831

2006-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

faqdsp.asp

afaq 1.0

remote attackers

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.0%

JSON

SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.

CPENameOperatorVersion
alan_ward:a-faqalan ward a-faqeq1.0

CPE	Name	Operator	Version
alan_ward:a-faq	alan ward a-faq	eq	1.0

References

exchange.xforce.ibmcloud.com/vulnerabilities/31130

www.exploit-db.com/exploits/3031

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.0%

JSON