Lucene search

MitreCVE-2006-0235

HistoryJan 18, 2006 - 1:07 a.m.

CVE-2006-0235

2006-01-1801:07:00

mitre

web.nvd.nist.gov

cve-2006-0235

sql injection

whitealbum 2.5

remote attackers

arbitrary sql commands

dir parameter

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.009

Percentile

83.1%

JSON

SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php.

Affected configurations

Nvd

Node

white_anglewhite_albumMatch2.5

VendorProductVersionCPE
white_anglewhite_album2.5cpe:2.3:a:white_angle:white_album:2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
white_angle	white_album	2.5	cpe:2.3:a:white_angle:white_album:2.5:::::::*

References

secunia.com/advisories/18460

www.biyosecurity.be/bugs/whitealbum.txt

www.osvdb.org/22520

www.securityfocus.com/archive/1/422105/100/0/threaded

www.securityfocus.com/bid/16247

www.vupen.com/english/advisories/2006/0241

exchange.xforce.ibmcloud.com/vulnerabilities/24271

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.009

Percentile

83.1%

JSON

Related for CVE-2006-0235