Lucene search

MitreCVE-2006-5640

HistoryNov 01, 2006 - 12:07 a.m.

CVE-2006-5640

2006-11-0100:07:00

mitre

web.nvd.nist.gov

cve-2006-5640

sql injection

remote code execution

techno dreams guest book 1.0

guestbookview.asp

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

Affected configurations

Nvd

Node

techno_dreamstechno_dreams_guest_bookRange≤1.0

VendorProductVersionCPE
techno_dreamstechno_dreams_guest_book*cpe:2.3:a:techno_dreams:techno_dreams_guest_book:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
techno_dreams	techno_dreams_guest_book	*	cpe:2.3:a:techno_dreams:techno_dreams_guest_book::::::::

References

secunia.com/advisories/22600

www.securityfocus.com/bid/20802

www.vupen.com/english/advisories/2006/4277

exchange.xforce.ibmcloud.com/vulnerabilities/29869

www.exploit-db.com/exploits/2684

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

Related for CVE-2006-5640