CVE-2006-5908

2006-11-1515:00:00

mitre

www.cve.org

AI Score

8.7

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

References

archives.neohapsis.com/archives/bugtraq/2006-11/0121.html

securityreason.com/securityalert/1866

www.securityfocus.com/bid/20963

exchange.xforce.ibmcloud.com/vulnerabilities/30119