CVE-2006-0358

Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/10172
http://web.archive.org/web/20050303003128/http://powerportal.sourceforge.net/
http://www.osvdb.org/27957
http://www.osvdb.org/27958
http://www.securityfocus.com/archive/1/422151/100/0/threaded
http://www.securityfocus.com/bid/16279	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/24196

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:powerportal:powerportal:1.1b:::::::*
	cpe:2.3:a:powerportal:powerportal:1.3:::::::*
	cpe:2.3:a:powerportal:powerportal:1.3b:::::::*

History

No history.

Information

Published : 2006-01-22 20:03

Updated : 2024-02-04 16:52

NVD link : CVE-2006-0358

Mitre link : CVE-2006-0358

CVE.ORG link : CVE-2006-0358

JSON object : View

Products Affected

powerportal

powerportal

CWE

NVD-CWE-Other

{"id": "CVE-2006-0358", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-01-22T20:03:00.000", "references": [{"url": "http://secunia.com/advisories/10172", "source": "cve@mitre.org"}, {"url": "http://web.archive.org/web/20050303003128/http://powerportal.sourceforge.net/", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27957", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27958", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/422151/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16279", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24196", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2."}], "lastModified": "2018-10-19T15:44:30.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:powerportal:powerportal:1.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7894AF63-7158-49B6-957C-0F95628AF78E"}, {"criteria": "cpe:2.3:a:powerportal:powerportal:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D06B14A8-85BF-49EF-B261-FD70F05A2D8B"}, {"criteria": "cpe:2.3:a:powerportal:powerportal:1.3b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F62FED84-52E1-466B-9EE0-6679A84ED625"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}