CVE-2006-0107

SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/18324	Vendor Advisory
http://www.osvdb.org/22252	Exploit
http://www.securityfocus.com/bid/16159
https://exchange.xforce.ibmcloud.com/vulnerabilities/24014
http://secunia.com/advisories/18324	Vendor Advisory
http://www.osvdb.org/22252	Exploit
http://www.securityfocus.com/bid/16159
https://exchange.xforce.ibmcloud.com/vulnerabilities/24014

Configurations

Configuration 1 (hide)

cpe:2.3:a:idea_development_id_oy:timecan_cms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:05

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/18324 - Vendor Advisory~~	() http://secunia.com/advisories/18324 - Vendor Advisory
References	~~() http://www.osvdb.org/22252 - Exploit~~	() http://www.osvdb.org/22252 - Exploit
References	~~() http://www.securityfocus.com/bid/16159 -~~	() http://www.securityfocus.com/bid/16159 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/24014 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/24014 -

Information

Published : 2006-01-07 00:03

Updated : 2025-04-03 01:03

NVD link : CVE-2006-0107

Mitre link : CVE-2006-0107

CVE.ORG link : CVE-2006-0107

JSON object : View

Products Affected

idea_development_id_oy

timecan_cms

CWE

NVD-CWE-Other

{"id": "CVE-2006-0107", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-01-07T00:03:00.000", "references": [{"url": "http://secunia.com/advisories/18324", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22252", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16159", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24014", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18324", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/22252", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/16159", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24014", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:idea_development_id_oy:timecan_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0EACE28-AEF8-4D1F-9A62-0F88B82EA183"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}