Lucene search

[email protected]CVE-2006-7010

HistoryFeb 12, 2007 - 11:28 p.m.

CVE-2006-7010

2007-02-1223:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

joomla

cve-2006-7010

sql injection

security vulnerability

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.2%

JSON

The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable’s data type to integer when the variable’s default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

CPENameOperatorVersion
joomla:joomlajoomlaeq1.0.9
joomla:joomlajoomlaeq1.0.1
joomla:joomlajoomlaeq1.0.3
joomla:joomlajoomlaeq1.0.6
joomla:joomlajoomlaeq1.0.8
joomla:joomlajoomlaeq1.0.4
joomla:joomlajoomlaeq1.0.2
joomla:joomlajoomlaeq1.0.5
joomla:joomlajoomlaeq1.0.7
joomla:joomlajoomlaeq1.0.0

CPE	Name	Operator	Version
joomla:joomla	joomla	eq	1.0.9
joomla:joomla	joomla	eq	1.0.1
joomla:joomla	joomla	eq	1.0.3
joomla:joomla	joomla	eq	1.0.6
joomla:joomla	joomla	eq	1.0.8
joomla:joomla	joomla	eq	1.0.4
joomla:joomla	joomla	eq	1.0.2
joomla:joomla	joomla	eq	1.0.5
joomla:joomla	joomla	eq	1.0.7
joomla:joomla	joomla	eq	1.0.0

References

secunia.com/advisories/20874

www.joomla.org/content/view/1510/74/

www.osvdb.org/26916

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for CVE-2006-7010

cvelist1 securityvulns1