Lucene search

[email protected]CVE-2006-2508

HistoryMay 22, 2006 - 7:02 p.m.

CVE-2006-2508

2006-05-2219:02:00

[email protected]

web.nvd.nist.gov

sql injection

tr1.php

stylish text ads script

remote attackers

arbitrary sql commands

cve-2006-2508

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php.

Affected configurations

NVD

Node

yourfreeworldstylish_text_ads_script

CPENameOperatorVersion
yourfreeworld:stylish_text_ads_scriptyourfreeworld stylish text ads scripteq*

CPE	Name	Operator	Version
yourfreeworld:stylish_text_ads_script	yourfreeworld stylish text ads script	eq	*

References

secunia.com/advisories/20213

securityreason.com/securityalert/931

www.osvdb.org/25691

www.osvdb.org/25692

www.securityfocus.com/archive/1/434527/100/0/threaded

www.securityfocus.com/bid/18044

www.vupen.com/english/advisories/2006/1897

exchange.xforce.ibmcloud.com/vulnerabilities/26569

exchange.xforce.ibmcloud.com/vulnerabilities/26570

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2006-2508

prion1 cvelist2 nvd2 cve1