Lucene search

[email protected]CVE-2006-6194

HistoryDec 01, 2006 - 12:28 a.m.

CVE-2006-6194

2006-12-0100:28:00

[email protected]

web.nvd.nist.gov

sql injection

index.asp

ultimate survey pro

remote attack

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.

Affected configurations

NVD

Node

fisasp.comultimate_survey_pro

CPENameOperatorVersion
fisasp.com:ultimate_survey_profisasp.com ultimate survey proeq*

CPE	Name	Operator	Version
fisasp.com:ultimate_survey_pro	fisasp.com ultimate survey pro	eq	*

References

securityreason.com/securityalert/1936

www.aria-security.com/forum/showthread.php?t=38

www.securityfocus.com/archive/1/452554/100/0/threaded

www.vupen.com/english/advisories/2006/4706

exchange.xforce.ibmcloud.com/vulnerabilities/30499

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2006-6194

nvd1 cvelist1