Lucene search

[email protected]CVE-2006-4736

HistorySep 13, 2006 - 10:07 p.m.

CVE-2006-4736

2006-09-1322:07:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2006

4736

sql injection

cms.r

5.5

remote attackers

adminname

adminpass

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

cms.r.cms.r.Match5.5

CPENameOperatorVersion
cms.r.:cms.r.cms.r.eq5.5

CPE	Name	Operator	Version
cms.r.:cms.r.	cms.r.	eq	5.5

References

secunia.com/advisories/21860

securityreason.com/securityalert/1563

www.securityfocus.com/archive/1/445789/100/0/threaded

www.securityfocus.com/bid/19950

www.vupen.com/english/advisories/2006/3561

exchange.xforce.ibmcloud.com/vulnerabilities/28877

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2006-4736

nvd1 cvelist1