Lucene search

[email protected]CVE-2006-5946

HistoryNov 17, 2006 - 12:07 a.m.

CVE-2006-5946

2006-11-1700:07:00

[email protected]

web.nvd.nist.gov

cve-2006-5946

sql injection

funkyasp glossary

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON

SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter.

Affected configurations

NVD

Node

funkyaspglossaryMatch1.0

CPENameOperatorVersion
funkyasp:glossaryfunkyasp glossaryeq1.0

CPE	Name	Operator	Version
funkyasp:glossary	funkyasp glossary	eq	1.0

References

s-a-p.ca/index.php?page=OurAdvisories&id=19

secunia.com/advisories/22911

securityreason.com/securityalert/1877

www.securityfocus.com/archive/1/451562/100/0/threaded

www.securityfocus.com/bid/21055

www.vupen.com/english/advisories/2006/4516

exchange.xforce.ibmcloud.com/vulnerabilities/30271

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON

Related for CVE-2006-5946

cvelist1 nvd1