Lucene search

[email protected]CVE-2006-5991

HistoryNov 21, 2006 - 2:07 a.m.

CVE-2006-5991

2006-11-2102:07:00

[email protected]

web.nvd.nist.gov

cve-2006-5991

sql injection

wwweb concepts

cactushop

prodtype

product

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.1%

JSON

Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.

Affected configurations

NVD

Node

cactusoftcactushop

CPENameOperatorVersion
cactusoft:cactushopcactusoft cactushopeq*

CPE	Name	Operator	Version
cactusoft:cactushop	cactusoft cactushop	eq	*

References

aria-security.net/advisory/WWWeb%20Cocepts.txt

secunia.com/advisories/22895

securityreason.com/securityalert/1887

www.securityfocus.com/archive/1/451513/100/100/threaded

www.securityfocus.com/bid/21076

www.vupen.com/english/advisories/2006/4528

exchange.xforce.ibmcloud.com/vulnerabilities/30261

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2006-5991

cvelist1 nvd1