Lucene search

[email protected]NVD:CVE-2006-6132

HistoryNov 28, 2006 - 1:07 a.m.

CVE-2006-6132

2006-11-2801:07:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.007

Percentile

80.8%

JSON

Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.

Affected configurations

Nvd

Node

softacidlink_exchange_liteMatch1.0

VendorProductVersionCPE
softacidlink_exchange_lite1.0cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
softacid	link_exchange_lite	1.0	cpe:2.3:a:softacid:link_exchange_lite:1.0:::::::*

References

s-a-p.ca/index.php?page=OurAdvisories&id=53

secunia.com/advisories/23068

securityreason.com/securityalert/1920

www.securityfocus.com/archive/1/452256/100/0/threaded

www.securityfocus.com/bid/21239

www.vupen.com/english/advisories/2006/4656

exchange.xforce.ibmcloud.com/vulnerabilities/30460

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.007

Percentile

80.8%

JSON

Related for NVD:CVE-2006-6132

cve1 cvelist1