8.7 High
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
76.0%
DISPUTED Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying “those parameters mentioned ARE checked (preg_match) before they are used in SQL-query… If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because nothing was passed inside that parameter (to MySQL-database).” As allowed by the vendor, CVE investigated this report on 20060525 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations.
CPE | Name | Operator | Version |
---|---|---|---|
green_minute | eq | 1.0 |