CVE-2006-2517

SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/20178	Patch Vendor Advisory
http://www.myweb-jp.com/support/tech/tech_common_013.html
http://securitytracker.com/id?1016133
http://www.vupen.com/english/advisories/2006/1898
https://exchange.xforce.ibmcloud.com/vulnerabilities/26622

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fujitsu:myweb_portal_office:::citizen:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::light:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::medical:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::public:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::school:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::standard:::::*

Information

Published : 2006-05-22 15:02

Updated : 2017-07-19 18:31

NVD link : CVE-2006-2517

Mitre link : CVE-2006-2517

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

fujitsu

myweb_portal_office

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/20178", "name": "20178", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.myweb-jp.com/support/tech/tech_common_013.html", "name": "http://www.myweb-jp.com/support/tech/tech_common_013.html", "tags": [], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1016133", "name": "1016133", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2006/1898", "name": "ADV-2006-1898", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26622", "name": "myweb-sql-injection(26622)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2517", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-05-22T22:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:citizen:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:light:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:medical:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:public:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:school:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:31Z"}