Lucene search

[email protected]CVE-2006-6911

HistoryJan 09, 2007 - 6:00 p.m.

CVE-2006-6911

2007-01-0918:00:00

[email protected]

web.nvd.nist.gov

cve

2006

6911

sql injection

remote authenticated users

arbitrary sql commands

ordernum parameter

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.1%

JSON

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.

Affected configurations

NVD

Node

digitizing_quote_and_ordering_systemdigitizing_quote_and_ordering_systemMatch1.0

CPENameOperatorVersion
digitizing_quote_and_ordering_system:digitizing_quote_and_ordering_systemdigitizing quote and ordering systemeq1.0

CPE	Name	Operator	Version
digitizing_quote_and_ordering_system:digitizing_quote_and_ordering_system	digitizing quote and ordering system	eq	1.0

References

osvdb.org/31689

secunia.com/advisories/23652

exchange.xforce.ibmcloud.com/vulnerabilities/31318

www.exploit-db.com/exploits/3089

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for CVE-2006-6911

cvelist1 nvd1