Lucene search

[email protected]NVD:CVE-2006-6152

HistoryNov 28, 2006 - 11:28 p.m.

CVE-2006-6152

2006-11-2823:28:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.005

Percentile

75.6%

JSON

Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp.

Affected configurations

Nvd

Node

vspin.netclassified_systemMatch2004

VendorProductVersionCPE
vspin.netclassified_system2004cpe:2.3:a:vspin.net:classified_system:2004:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vspin.net	classified_system	2004	cpe:2.3:a:vspin.net:classified_system:2004:::::::*

References

s-a-p.ca/index.php?page=OurAdvisories&id=47

secunia.com/advisories/22987

securityreason.com/securityalert/1926

securitytracker.com/id?1017259

www.securityfocus.com/archive/1/452179/100/100/threaded

www.securityfocus.com/bid/21190

exchange.xforce.ibmcloud.com/vulnerabilities/30444

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.005

Percentile

75.6%

JSON

Related for NVD:CVE-2006-6152

cvelist1 exploitdb2 cve1