Lucene search

MitreCVE-2006-6268

HistoryDec 04, 2006 - 11:28 a.m.

CVE-2006-6268

2006-12-0411:28:00

mitre

web.nvd.nist.gov

cve-2006-6268

sql injection

neocrome land down under

ldu

remote authenticated users

arbitrary sql commands

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

59.4%

JSON

SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by “default.gif” followed by a double-encoded NULL and ’ (apostrophe) (%2500%2527).

Affected configurations

Nvd

Node

neocromeland_down_underRange≤8.0

VendorProductVersionCPE
neocromeland_down_under*cpe:2.3:a:neocrome:land_down_under:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
neocrome	land_down_under	*	cpe:2.3:a:neocrome:land_down_under::::::::

References

securityreason.com/securityalert/1954

www.nukedx.com/?viewdoc=51

www.securityfocus.com/archive/1/452259/100/100/threaded

www.securityfocus.com/bid/21227

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

59.4%

JSON

Related for CVE-2006-6268