Lucene search

[email protected]CVE-2006-6923

HistoryJan 13, 2007 - 2:28 a.m.

CVE-2006-6923

2007-01-1302:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6923

sql injection

bitweaver

newsletters

edition.php

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.

CPENameOperatorVersion
bitweaver:bitweaverbitweavereq1.2.1
bitweaver:bitweaverbitweavereq1.1
bitweaver:bitweaverbitweavereq1.3.1
bitweaver:bitweaverbitweavereq1.1.1_beta

CPE	Name	Operator	Version
bitweaver:bitweaver	bitweaver	eq	1.2.1
bitweaver:bitweaver	bitweaver	eq	1.1
bitweaver:bitweaver	bitweaver	eq	1.3.1
bitweaver:bitweaver	bitweaver	eq	1.1.1_beta

References

archives.neohapsis.com/archives/bugtraq/2006-11/0142.html

securityreason.com/securityalert/2144

www.securityfocus.com/bid/20988

www.securityfocus.com/bid/20996

www.vupen.com/english/advisories/2006/4485

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2006-6923

cvelist1