Lucene search

[email protected]CVE-2006-0581

HistoryFeb 08, 2006 - 1:02 a.m.

CVE-2006-0581

2006-02-0801:02:00

[email protected]

web.nvd.nist.gov

cve

2006

0581

sql injection

hosting controller

hotfix

nvd

vulnerability

remote

authenticated

users

execute

arbitrary

sql commands

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp.

Affected configurations

NVD

Node

hosting_controllerhosting_controllerMatch6.1_hotfix_2.8

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_2.8

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_2.8

References

secunia.com/advisories/18731

securitytracker.com/id?1015584

www.osvdb.org/22982

www.osvdb.org/22983

www.vupen.com/english/advisories/2006/0460

exchange.xforce.ibmcloud.com/vulnerabilities/24537

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVE-2006-0581

nvd1 cvelist1 prion1