Lucene search

[email protected]CVE-2006-4606

HistorySep 07, 2006 - 12:04 a.m.

CVE-2006-4606

2006-09-0700:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4606

sql injection

remote code execution

longino jacome php-revista 1.1.2

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.

Affected configurations

NVD

Node

longinojacome_php-revistaMatch1.1.2

VendorProductVersionCPE
longinojacome_php-revista1.1.2cpe:/a:longino:jacome_php-revista:1.1.2:::

Vendor	Product	Version	CPE
longino	jacome_php-revista	1.1.2	cpe:/a:longino:jacome_php-revista:1.1.2:::

References

secunia.com/advisories/21738

securityreason.com/securityalert/1499

www.attrition.org/pipermail/vim/2009-April/002167.html

www.osvdb.org/28445

www.osvdb.org/28446

www.osvdb.org/28447

www.osvdb.org/28448

www.osvdb.org/28451

www.osvdb.org/28452

www.securityfocus.com/archive/1/445007/100/0/threaded

www.securityfocus.com/archive/1/502637/100/0/threaded

www.securityfocus.com/bid/19818

www.securityfocus.com/bid/23079

www.exploit-db.com/exploits/3538

www.exploit-db.com/exploits/8425

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

Related for CVE-2006-4606

cvelist1 nvd2 cve1 prion1