Lucene search

[email protected]CVE-2006-3168

HistoryJun 23, 2006 - 12:02 a.m.

CVE-2006-3168

2006-06-2300:02:00

[email protected]

web.nvd.nist.gov

sql injection

cs-forum

vulnerability

remote attackers

arbitrary sql commands

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.1%

JSON

SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.

Affected configurations

NVD

Node

comscriptscs-forumRange≤0.81

CPENameOperatorVersion
comscripts:cs-forumcomscripts cs-forumle0.81

CPE	Name	Operator	Version
comscripts:cs-forum	comscripts cs-forum	le	0.81

References

secunia.com/advisories/20534

securityreason.com/securityalert/1124

www.acid-root.new.fr/advisories/csforum081.txt

www.comscripts.com/scripts/php.cs-forum.643.html

www.osvdb.org/26382

www.osvdb.org/26383

www.securityfocus.com/archive/1/436789/100/0/threaded

www.vupen.com/english/advisories/2006/2314

exchange.xforce.ibmcloud.com/vulnerabilities/27176

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.1%

JSON

Related for CVE-2006-3168

cvelist1 nvd1