CVE-2006-3236

{"id": "CVE-2006-3236", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-06-27T10:05:00.000", "references": [{"url": "http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20747", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016355", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/26742", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/26743", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18567", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2470", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27270", "source": "cve@mitre.org"}, {"url": "http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/20747", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1016355", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/26742", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/26743", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/18567", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/2470", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27270", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidad de inyecci\u00f3n SQL en thinkWMS v1.0 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro (1) id en (a) index.php o (b) printarticle.php, y el par\u00e1metro (2) catid en index.php."}], "lastModified": "2024-11-21T00:13:08.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thinkfactory:thinkwms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEF3B0EF-742D-424F-B540-667C1DCDB560", "versionEndIncluding": "1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}