Lucene search

[email protected]CVE-2006-6355

HistoryDec 07, 2006 - 1:28 a.m.

CVE-2006-6355

2006-12-0701:28:00

[email protected]

web.nvd.nist.gov

134

cve-2006-6355

sql injection

default.asp

duware duclassmate

icity parameter

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.9%

JSON

SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.

Affected configurations

NVD

Node

duwareduclassmate

CPENameOperatorVersion
duware:duclassmateduware duclassmateeq*

CPE	Name	Operator	Version
duware:duclassmate	duware duclassmate	eq	*

References

securityreason.com/securityalert/1997

www.aria-security.com/forum/showthread.php?t=59

www.securityfocus.com/archive/1/453318/100/0/threaded

www.securityfocus.com/bid/24637

exchange.xforce.ibmcloud.com/vulnerabilities/30672

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.9%

JSON

Related for CVE-2006-6355

cvelist2 nvd2 nessus1 cve1