Lucene search

[email protected]CVE-2006-7085

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2006-7085

2007-03-0221:18:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-7085

rigter portal system

rps

remote attack

xss

add_art.php

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.5%

JSON

Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.

CPENameOperatorVersion
rigter_portal_system:rigter_portal_systemrigter portal systemeq1.0
rigter_portal_system:rigter_portal_systemrigter portal systemeq2.0
rigter_portal_system:rigter_portal_systemrigter portal systemeq3.0

CPE	Name	Operator	Version
rigter_portal_system:rigter_portal_system	rigter portal system	eq	1.0
rigter_portal_system:rigter_portal_system	rigter portal system	eq	2.0
rigter_portal_system:rigter_portal_system	rigter portal system	eq	3.0

References

lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html

securityreason.com/securityalert/2322

www.osvdb.org/28640

exchange.xforce.ibmcloud.com/vulnerabilities/39972

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.5%

JSON