Lucene search

MitreCVE-2006-1000

HistoryMar 06, 2006 - 8:06 p.m.

CVE-2006-1000

2006-03-0620:06:00

mitre

web.nvd.nist.gov

sql injection

pentacle in-out board

security vulnerability

authentication bypass

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.9

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

Affected configurations

Nvd

Node

g2softpentacle_in-out_boardMatch6.03

VendorProductVersionCPE
g2softpentacle_in-out_board6.03cpe:2.3:a:g2soft:pentacle_in-out_board:6.03:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
g2soft	pentacle_in-out_board	6.03	cpe:2.3:a:g2soft:pentacle_in-out_board:6.03:::::::*

References

lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html

lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html

secunia.com/advisories/19024

securitytracker.com/id?1015682

www.nukedx.com/?viewdoc=13

www.nukedx.com/?viewdoc=14

www.securityfocus.com/archive/1/426074/100/0/threaded

www.securityfocus.com/archive/1/426075/100/0/threaded

www.securityfocus.com/bid/16818

www.vupen.com/english/advisories/2006/0749

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.9

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

Related for CVE-2006-1000