CVE-2006-3618

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.neosecurityteam.net/index.php?action=advisories&id=23", "name": "http://www.neosecurityteam.net/index.php?action=advisories&id=23", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27624", "name": "pblguestbook-pblguestbook-sql-injection(27624)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/439486/100/0/threaded", "name": "20060707 PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3618", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-07-18T15:47Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pixelated_by_lev:pixelated_by_lev_guestbook:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.32"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:48Z"}