Lucene search

MitreCVE-2006-6937

HistoryJan 17, 2007 - 12:28 a.m.

CVE-2006-6937

2007-01-1700:28:00

mitre

web.nvd.nist.gov

cve-2006-6937

sql injection

xtreme asp photo gallery

displaypic.asp

sortorder parameter

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.004

Percentile

72.1%

JSON

SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.

Affected configurations

Nvd

Node

pensacola_web_designsxtremeasp_photogalleryMatch2.0

VendorProductVersionCPE
pensacola_web_designsxtremeasp_photogallery2.0cpe:2.3:a:pensacola_web_designs:xtremeasp_photogallery:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pensacola_web_designs	xtremeasp_photogallery	2.0	cpe:2.3:a:pensacola_web_designs:xtremeasp_photogallery:2.0:::::::*

References

aria-security.net/advisory/xtremeg.txt

securityreason.com/securityalert/2148

www.osvdb.org/31507

www.securityfocus.com/archive/1/451786/100/0/threaded

www.securityfocus.com/bid/21138

exchange.xforce.ibmcloud.com/vulnerabilities/30324

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.004

Percentile

72.1%

JSON

Related for CVE-2006-6937