Lucene search

[email protected]CVE-2006-1232

HistoryMar 14, 2006 - 7:06 p.m.

CVE-2006-1232

2006-03-1419:06:00

[email protected]

web.nvd.nist.gov

cve

sql injection

dsdownload 1.0

security vulnerabilities

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.3%

JSON

Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php.

Affected configurations

NVD

Node

dsportaldsdownloadMatch1.0

CPENameOperatorVersion
dsportal:dsdownloaddsportal dsdownloadeq1.0

CPE	Name	Operator	Version
dsportal:dsdownload	dsportal dsdownload	eq	1.0

References

evuln.com/vulns/99/summary.html

secunia.com/advisories/19202

securityreason.com/securityalert/626

securitytracker.com/id?1015755

www.osvdb.org/23886

www.osvdb.org/23887

www.securityfocus.com/archive/1/428808/100/0/threaded

www.securityfocus.com/bid/17116

www.vupen.com/english/advisories/2006/0934

exchange.xforce.ibmcloud.com/vulnerabilities/25193

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for CVE-2006-1232

prion1 nvd1 cvelist1 securityvulns1