CVE-2006-3559

Published Jul 13, 2006

Last updated 3 months ago

CVSS info 7.5

Overview

Description: Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:arif_supriyanto:auracms:1.62:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF50CDDD-C980-463F-87A1-3C5852E9BE2B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2006-3559
http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
http://securityreason.com/securityalert/1226
http://www.osvdb.org/28201
http://www.securityfocus.com/archive/1/439494/100/0/threaded
http://www.securityfocus.com/bid/18867
https://exchange.xforce.ibmcloud.com/vulnerabilities/27705
http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
http://securityreason.com/securityalert/1226
http://www.osvdb.org/28201
http://www.securityfocus.com/archive/1/439494/100/0/threaded
http://www.securityfocus.com/bid/18867
https://exchange.xforce.ibmcloud.com/vulnerabilities/27705

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References