CVE-2006-2320

Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.idealscience.com/ibb/posts.aspx?postID=24415
http://www.securityfocus.com/bid/17920
http://secunia.com/advisories/20035
http://www.osvdb.org/25457
http://securityreason.com/securityalert/871
http://www.vupen.com/english/advisories/2006/1729
https://exchange.xforce.ibmcloud.com/vulnerabilities/26354
http://www.securityfocus.com/archive/1/433248/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ideal_science:idealbb:1.5.1:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.2:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3b:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.4a:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta4:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_rc1:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3_beta2:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3a:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta1:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.2a:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.2b:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta2:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3_beta1:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.2c:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta3:::::::*

Information

Published : 2006-05-11 17:02

Updated : 2018-10-18 09:39

NVD link : CVE-2006-2320

Mitre link : CVE-2006-2320

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ideal_science

idealbb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.idealscience.com/ibb/posts.aspx?postID=24415", "name": "http://www.idealscience.com/ibb/posts.aspx?postID=24415", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/17920", "name": "17920", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/20035", "name": "20035", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/25457", "name": "25457", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/871", "name": "871", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/1729", "name": "ADV-2006-1729", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26354", "name": "idealbb-multiple-sql-injection(26354)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/433248/100/0/threaded", "name": "20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2320", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-05-12T00:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.3b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.4a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.0_beta4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.0_rc1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.3_beta2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.3a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.0_beta1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.0_beta2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.3_beta1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ideal_science:idealbb:1.5.0_beta3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:39Z"}