CVE-2006-2139

Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://evuln.com/vulns/129/summary.html
http://secunia.com/advisories/19904	Vendor Advisory
http://www.securityfocus.com/bid/17757
http://www.osvdb.org/25132
http://www.osvdb.org/25133
http://www.osvdb.org/25134
http://www.osvdb.org/25135
http://www.vupen.com/english/advisories/2006/1574
https://exchange.xforce.ibmcloud.com/vulnerabilities/26205

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:wilsonncareabusinesses:php_newsfeed:2004-07-23:*:*:*:*:*:*:*

Information

Published : 2006-05-02 03:02

Updated : 2017-07-19 18:31

NVD link : CVE-2006-2139

Mitre link : CVE-2006-2139

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

wilsonncareabusinesses

php_newsfeed

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://evuln.com/vulns/129/summary.html", "name": "http://evuln.com/vulns/129/summary.html", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/19904", "name": "19904", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/17757", "name": "17757", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/25132", "name": "25132", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/25133", "name": "25133", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/25134", "name": "25134", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/25135", "name": "25135", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/1574", "name": "ADV-2006-1574", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26205", "name": "phpnewsfeed-multiple-sql-injection(26205)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2139", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-05-02T10:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:wilsonncareabusinesses:php_newsfeed:2004-07-23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:31Z"}