Lucene search

MitreCVE-2006-0079

HistoryJan 04, 2006 - 11:00 a.m.

CVE-2006-0079

2006-01-0411:00:00

mitre

web.nvd.nist.gov

cve-2006-0079

sql injection

auth.php

scoznet scozbook beta 1.1

remote attackers

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.009

Percentile

83.1%

JSON

SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable).

Affected configurations

Nvd

Node

scoznetscozbookMatch1.1_beta

VendorProductVersionCPE
scoznetscozbook1.1_betacpe:2.3:a:scoznet:scozbook:1.1_beta:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scoznet	scozbook	1.1_beta	cpe:2.3:a:scoznet:scozbook:1.1_beta:::::::*

References

evuln.com/vulns/11/summary.html

secunia.com/advisories/8476

securityreason.com/securityalert/318

www.osvdb.org/22221

www.securityfocus.com/archive/1/420675/100/0/threaded

www.securityfocus.com/bid/16115

www.vupen.com/english/advisories/2006/0027

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.009

Percentile

83.1%

JSON

Related for CVE-2006-0079