Lucene search

[email protected]NVD:CVE-2006-5908

HistoryNov 15, 2006 - 3:07 p.m.

CVE-2006-5908

2006-11-1515:07:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

Affected configurations

Nvd

Node

lucas_rodriguez_san_pedroyet_another_news_systemMatch0.2b

VendorProductVersionCPE
lucas_rodriguez_san_pedroyet_another_news_system0.2bcpe:2.3:a:lucas_rodriguez_san_pedro:yet_another_news_system:0.2b:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lucas_rodriguez_san_pedro	yet_another_news_system	0.2b	cpe:2.3:a:lucas_rodriguez_san_pedro:yet_another_news_system:0.2b:::::::*

References

archives.neohapsis.com/archives/bugtraq/2006-11/0121.html

securityreason.com/securityalert/1866

www.securityfocus.com/bid/20963

exchange.xforce.ibmcloud.com/vulnerabilities/30119

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

Related for NVD:CVE-2006-5908

cvelist1 cve1