CVE-2006-0087

SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/16140	Exploit
http://secunia.com/advisories/18297	Vendor Advisory
http://www.osvdb.org/22199
http://www.osvdb.org/22200
http://securitytracker.com/id?1015435
http://www.evuln.com/vulns/12/summary.html
http://securityreason.com/securityalert/314
http://www.vupen.com/english/advisories/2006/0029
http://www.securityfocus.com/archive/1/420772/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:lizard_cart:lizard_cart_cms:1.0.4:*:*:*:*:*:*:*

Information

Published : 2006-01-05 03:03

Updated : 2018-10-19 08:42

NVD link : CVE-2006-0087

Mitre link : CVE-2006-0087

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

lizard_cart

lizard_cart_cms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/16140", "name": "16140", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18297", "name": "18297", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/22199", "name": "22199", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/22200", "name": "22200", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1015435", "name": "1015435", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.evuln.com/vulns/12/summary.html", "name": "http://www.evuln.com/vulns/12/summary.html", "tags": [], "refsource": "MISC"}, {"url": "http://securityreason.com/securityalert/314", "name": "314", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/0029", "name": "ADV-2006-0029", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/420772/100/0/threaded", "name": "20060104 [eVuln] Lizard Cart CMS SQL Injection Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0087", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-01-05T11:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:lizard_cart:lizard_cart_cms:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:42Z"}