Lucene search

K
cveMitreCVE-2006-5908
HistoryNov 15, 2006 - 3:07 p.m.

CVE-2006-5908

2006-11-1515:07:00
mitre
web.nvd.nist.gov
25
sql injection
yans.func.php
lucas rodriguez san pedro
yans 0.2b
remote attackers

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.1

Confidence

Low

EPSS

0.002

Percentile

61.4%

Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

Affected configurations

Nvd
Node
lucas_rodriguez_san_pedroyet_another_news_systemMatch0.2b
VendorProductVersionCPE
lucas_rodriguez_san_pedroyet_another_news_system0.2bcpe:2.3:a:lucas_rodriguez_san_pedro:yet_another_news_system:0.2b:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.1

Confidence

Low

EPSS

0.002

Percentile

61.4%

Related for CVE-2006-5908