Lucene search

MitreCVE-2006-0856

HistoryFeb 23, 2006 - 11:02 p.m.

CVE-2006-0856

2006-02-2323:02:00

mitre

web.nvd.nist.gov

cve-2006-0856

sql injection

scriptme sme gb host 1.21

authentication bypass

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.004

Percentile

74.9%

JSON

SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter.

Affected configurations

Nvd

Node

scriptmesme_gb_hostMatch1.21

VendorProductVersionCPE
scriptmesme_gb_host1.21cpe:2.3:a:scriptme:sme_gb_host:1.21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scriptme	sme_gb_host	1.21	cpe:2.3:a:scriptme:sme_gb_host:1.21:::::::*

References

secunia.com/advisories/18823

www.evuln.com/vulns/66/summary.html

www.securityfocus.com/archive/1/425317/100/0/threaded

www.securityfocus.com/bid/16609

www.vupen.com/english/advisories/2006/0543

exchange.xforce.ibmcloud.com/vulnerabilities/24544

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.004

Percentile

74.9%

JSON

Related for CVE-2006-0856