Lucene search

[email protected]CVE-2006-7115

HistoryMar 06, 2007 - 1:19 a.m.

CVE-2006-7115

2007-03-0601:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006-7115

sql injection

phpkit

remote attackers

nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

JSON

SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.

CPENameOperatorVersion
phpkit:phpkitphpkiteq1.6.1

CPE	Name	Operator	Version
phpkit:phpkit	phpkit	eq	1.6.1

References

secunia.com/advisories/17479

securityreason.com/securityalert/2357

www.bb-pcsecurity.de/websecurity/532/org/PHPKit_1.6.1_RC2_%28faq-faq.php%29_Remote_SQL_Injection_Exploit.htm

www.osvdb.org/31265

www.securityfocus.com/archive/1/451304/100/0/threaded

www.securityfocus.com/bid/21002

exchange.xforce.ibmcloud.com/vulnerabilities/30209

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

JSON