Lucene search

K
cve[email protected]CVE-2006-7170
HistoryMar 20, 2007 - 10:19 a.m.

CVE-2006-7170

2007-03-2010:19:00
CWE-89
web.nvd.nist.gov
17
sql injection
koan software mega mall
remote attackers
arbitrary commands
security vulnerability
nvd

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

51.1%

Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.

Affected configurations

NVD
Node
koan_softwaremega_mall

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

51.1%

Related for CVE-2006-7170