Lucene search

MitreCVE-2006-4978

HistorySep 25, 2006 - 1:07 a.m.

CVE-2006-4978

2006-09-2501:07:00

mitre

web.nvd.nist.gov

cve

sql injection

walter beschmout

phpquiz 1.2

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.009

Percentile

82.8%

JSON

Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.

Affected configurations

Nvd

Node

walter_beschmoutphpquizRange≤1.2

VendorProductVersionCPE
walter_beschmoutphpquiz*cpe:2.3:a:walter_beschmout:phpquiz:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
walter_beschmout	phpquiz	*	cpe:2.3:a:walter_beschmout:phpquiz::::::::

References

secunia.com/advisories/22015

securityreason.com/securityalert/1627

www.morx.org/phpquiz.txt

www.securityfocus.com/archive/1/446315/100/0/threaded

www.securityfocus.com/bid/20065

www.vupen.com/english/advisories/2006/3693

exchange.xforce.ibmcloud.com/vulnerabilities/28993

www.exploit-db.com/exploits/2376

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.009

Percentile

82.8%

JSON

Related for CVE-2006-4978