Lucene search

[email protected]CVE-2006-7144

HistoryMar 07, 2007 - 8:19 p.m.

CVE-2006-7144

2007-03-0720:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-7144

sql injection

call center software

authentication bypass

remote attack

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.1%

JSON

SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.

CPENameOperatorVersion
call-center-software:call-center-softwarecall-center-softwarele0.93

CPE	Name	Operator	Version
call-center-software:call-center-software	call-center-software	le	0.93

References

archives.neohapsis.com/archives/fulldisclosure/2006-10/0217.html

secunia.com/advisories/22365

securityreason.com/securityalert/2389

www.mayhemiclabs.com/advisories/MHL-2006-002.txt

www.securityfocus.com/archive/1/448423/100/0/threaded

www.securityfocus.com/bid/20474

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.1%

JSON