CVE-2006-3618

{"id": "CVE-2006-3618", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-07-18T15:47:00.000", "references": [{"url": "http://www.neosecurityteam.net/index.php?action=advisories&id=23", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/439486/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27624", "source": "cve@mitre.org"}, {"url": "http://www.neosecurityteam.net/index.php?action=advisories&id=23", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/439486/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27624", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en pblguestbook.php en Pixelated By Leb (PBL) Guestbook 1.32 y anteriores permite a atacantes remotos ejecutar \u00f3rdenes SQL mediante los par\u00e1metros (1) 'name', (2) 'email', (3) 'website', (4) 'comments', (5) 'rate', y (6) 'private'"}], "lastModified": "2024-11-21T00:14:02.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pixelated_by_lev:pixelated_by_lev_guestbook:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0909BD7-A423-41E1-9C62-779DDFF1BEF5", "versionEndIncluding": "1.32"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}