Lucene search

[email protected]CVE-2006-0205

HistoryJan 13, 2006 - 11:03 p.m.

CVE-2006-0205

2006-01-1323:03:00

CWE-89

[email protected]

web.nvd.nist.gov

109

sql injection

vulnerability

wordcircle 2.17

remote attackers

authentication bypass

cve-2006-0205

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.

Affected configurations

NVD

Node

wordcirclewordcircleMatch2.17

CPENameOperatorVersion
wordcircle:wordcirclewordcircleeq2.17

CPE	Name	Operator	Version
wordcircle:wordcircle	wordcircle	eq	2.17

References

evuln.com/vulns/27/summary.html

evuln.com/vulns/28/summary.html

secunia.com/advisories/18440

securityreason.com/securityalert/345

securityreason.com/securityalert/346

www.osvdb.org/22358

www.securityfocus.com/archive/1/421745/100/0/threaded

www.securityfocus.com/archive/1/421746/100/0/threaded

www.securityfocus.com/bid/16227

www.vupen.com/english/advisories/2006/0185

exchange.xforce.ibmcloud.com/vulnerabilities/24105

exchange.xforce.ibmcloud.com/vulnerabilities/24108

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2006-0205

prion1 checkpoint_advisories2 nvd1 cvelist1