CVE-2006-5150

SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://sourceforge.net/project/shownotes.php?release_id=451780	Patch
http://www.securityfocus.com/bid/20301
http://secunia.com/advisories/22238	Vendor Advisory
http://www.vupen.com/english/advisories/2006/3867
https://exchange.xforce.ibmcloud.com/vulnerabilities/29318

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openbiblio:openbiblio:0.1.0:::::::*
	cpe:2.3:a:openbiblio:openbiblio:0.2.1:::::::*
	cpe:2.3:a:openbiblio:openbiblio:0.5.0:::::::*
	cpe:2.3:a:openbiblio:openbiblio::::::::
	cpe:2.3:a:openbiblio:openbiblio:0.3.0:::::::*
	cpe:2.3:a:openbiblio:openbiblio:0.4.0:::::::*

Information

Published : 2006-10-04 21:04

Updated : 2017-07-19 18:33

NVD link : CVE-2006-5150

Mitre link : CVE-2006-5150

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

openbiblio

openbiblio

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sourceforge.net/project/shownotes.php?release_id=451780", "name": "http://sourceforge.net/project/shownotes.php?release_id=451780", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/20301", "name": "20301", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/22238", "name": "22238", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/3867", "name": "ADV-2006-3867", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29318", "name": "openbiblio-report-sql-injection(29318)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5150", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-10-05T04:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openbiblio:openbiblio:0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbiblio:openbiblio:0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbiblio:openbiblio:0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbiblio:openbiblio:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.5.1"}, {"cpe23Uri": "cpe:2.3:a:openbiblio:openbiblio:0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbiblio:openbiblio:0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:33Z"}