Lucene search

[email protected]CVE-2006-7150

HistoryMar 07, 2007 - 8:19 p.m.

CVE-2006-7150

2007-03-0720:19:00

[email protected]

web.nvd.nist.gov

cve-2006-7150

mambo

sql injection

vulnerability

nvd

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.5%

JSON

Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.

Affected configurations

NVD

Node

mambomambo_open_sourceMatch4.6cvs

mambomambo_open_sourceMatch4.6rc1

mambomambo_open_sourceMatch4.6rc2

mambomambo_open_sourceMatch4.6.1

CPENameOperatorVersion
mambo:mambo_open_sourcemambo mambo open sourceeq4.6
mambo:mambo_open_sourcemambo mambo open sourceeq4.6.1

CPE	Name	Operator	Version
mambo:mambo_open_source	mambo mambo open source	eq	4.6
mambo:mambo_open_source	mambo mambo open source	eq	4.6.1

References

securityreason.com/securityalert/2379

www.kapda.ir/advisory-444.html

www.securityfocus.com/archive/1/449305/100/0/threaded

www.securityfocus.com/bid/20650

exchange.xforce.ibmcloud.com/vulnerabilities/29707

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for CVE-2006-7150

nvd1 cvelist1 openvas2