CVE-2006-3238

Опубликовано: 27 июн. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.

Ссылки

http://secunia.com/advisories/20701/
Vendor Advisory
http://securityreason.com/securityalert/1149
http://www.securityfocus.com/archive/1/437651/100/100/threaded
http://www.securityfocus.com/archive/1/437658/100/100/threaded
http://www.securityfocus.com/bid/18497
http://www.vupen.com/english/advisories/2006/2468
https://exchange.xforce.ibmcloud.com/vulnerabilities/27294
http://secunia.com/advisories/20701/
Vendor Advisory
http://securityreason.com/securityalert/1149
http://www.securityfocus.com/archive/1/437651/100/100/threaded
http://www.securityfocus.com/archive/1/437658/100/100/threaded
http://www.securityfocus.com/bid/18497
http://www.vupen.com/english/advisories/2006/2468
https://exchange.xforce.ibmcloud.com/vulnerabilities/27294

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vbzoom:vbzoom:*:*:*:*:*:*:*:*

Версия до 1.00 (включая)

EPSS

Процентиль: 74%

0.00816

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-h2wq-4f3c-4hc4

github

почти 4 года назад