Lucene search

[email protected]CVE-2006-2459

HistoryMay 19, 2006 - 10:02 a.m.

CVE-2006-2459

2006-05-1910:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2459

sql injection

php-fusion

remote authenticated users

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.8 High

AI Score

Confidence

Low

0.042 Low

EPSS

Percentile

92.3%

JSON

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.

Affected configurations

NVD

Node

php_fusionphp_fusionMatch6.00.306

php_fusionphp_fusionMatch6.00.307

CPENameOperatorVersion
php_fusion:php_fusionphp fusioneq6.00.306
php_fusion:php_fusionphp fusioneq6.00.307

CPE	Name	Operator	Version
php_fusion:php_fusion	php fusion	eq	6.00.306
php_fusion:php_fusion	php fusion	eq	6.00.307

References

retrogod.altervista.org/phpfusion_600306_sql.html

secunia.com/advisories/20129

securityreason.com/securityalert/922

securitytracker.com/id?1016111

www.osvdb.org/25542

www.securityfocus.com/archive/1/434162/100/0/threaded

www.securityfocus.com/bid/18009

www.vupen.com/english/advisories/2006/1839

exchange.xforce.ibmcloud.com/vulnerabilities/26491

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.8 High

AI Score

Confidence

Low

0.042 Low

EPSS

Percentile

92.3%

JSON

Related for CVE-2006-2459

nvd2 prion2 cvelist2 cve1