Lucene search

MitreCVE-2006-6157

HistoryNov 28, 2006 - 11:28 p.m.

CVE-2006-6157

2006-11-2823:28:00

CWE-89

mitre

web.nvd.nist.gov

cve

2006

6157

sql injection

index.php

contentnow

vulnerability

remote attackers

arbitrary sql commands

pageid parameter

path disclosure

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.203

Percentile

96.4%

JSON

SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.

Affected configurations

Nvd

Node

michaelis_freundecontentnowRange≤1.39

VendorProductVersionCPE
michaelis_freundecontentnow*cpe:2.3:a:michaelis_freunde:contentnow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
michaelis_freunde	contentnow	*	cpe:2.3:a:michaelis_freunde:contentnow::::::::

References

secunia.com/advisories/23005

securityreason.com/securityalert/1925

securitytracker.com/id?1017265

sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437

www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl

www.securityfocus.com/archive/1/452231/100/100/threaded

www.securityfocus.com/bid/21237

www.vupen.com/english/advisories/2006/4663

exchange.xforce.ibmcloud.com/vulnerabilities/30459

www.exploit-db.com/exploits/2822

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.203

Percentile

96.4%

JSON

Related for CVE-2006-6157