Lucene search

[email protected]CVE-2006-1098

HistoryMar 09, 2006 - 1:06 p.m.

CVE-2006-1098

2006-03-0913:06:00

[email protected]

web.nvd.nist.gov

cve

2006

1098

sql injection

nz ecommerce

remote attackers

arbitrary sql commands

information security

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher’s blog, but research by CVE suggests that this might be a legitimate problem

Affected configurations

NVD

Node

digital_buildernz_ecommerce

CPENameOperatorVersion
digital_builder:nz_ecommercedigital builder nz ecommerceeq*

CPE	Name	Operator	Version
digital_builder:nz_ecommerce	digital builder nz ecommerce	eq	*

References

pridels0.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html

secunia.com/advisories/19088

www.osvdb.org/23601

www.securityfocus.com/bid/16931

www.vupen.com/english/advisories/2006/0803

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2006-1098

cvelist1 nvd1 prion1