Lucene search

[email protected]CVE-2006-5887

HistoryNov 14, 2006 - 10:07 p.m.

CVE-2006-5887

2006-11-1422:07:00

[email protected]

web.nvd.nist.gov

sql injection

campusnewsdetails

dynamic dataworx nuschool 1.0

newsid parameter

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.053 Low

EPSS

Percentile

93.1%

JSON

SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.

Affected configurations

NVD

Node

dynamic_dataworxnuschoolMatch1.0

CPENameOperatorVersion
dynamic_dataworx:nuschooldynamic dataworx nuschooleq1.0

CPE	Name	Operator	Version
dynamic_dataworx:nuschool	dynamic dataworx nuschool	eq	1.0

References

secunia.com/advisories/22830

securityreason.com/securityalert/1855

securitytracker.com/id?1017217

www.securityfocus.com/archive/1/451336/100/0/threaded

www.securityfocus.com/bid/21006

www.vupen.com/english/advisories/2006/4475

exchange.xforce.ibmcloud.com/vulnerabilities/30196

www.exploit-db.com/exploits/2757

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.053 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2006-5887

cvelist1 nvd1