Lucene search

[email protected]CVE-2006-3275

HistoryJun 28, 2006 - 10:05 p.m.

CVE-2006-3275

2006-06-2822:05:00

[email protected]

web.nvd.nist.gov

cve-2006-3275

sql injection

profile.php

yabb se 1.5.5

nvd

vulnerability

remote attackers

execute sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.

Affected configurations

NVD

Node

yabbyabbRange≤1.5.5second_edition

yabbyabbMatch1.5.1second_edition

yabbyabbMatch1.5.2second_edition

yabbyabbMatch1.5.4second_edition

CPENameOperatorVersion
yabb:yabbyabble1.5.5
yabb:yabbyabbeq1.5.1
yabb:yabbyabbeq1.5.2
yabb:yabbyabbeq1.5.4

CPE	Name	Operator	Version
yabb:yabb	yabb	le	1.5.5
yabb:yabb	yabb	eq	1.5.1
yabb:yabb	yabb	eq	1.5.2
yabb:yabb	yabb	eq	1.5.4

References

marc.info/?l=full-disclosure&m=115102378824221&w=2

secunia.com/advisories/20780

www.securityfocus.com/bid/18625

www.vupen.com/english/advisories/2006/2504

exchange.xforce.ibmcloud.com/vulnerabilities/27331

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2006-3275

nvd1 cvelist1