CVE-2006-7034

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securityreason.com/securityalert/2285
http://www.securityfocus.com/archive/1/435166/30/4680/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26720
http://securityreason.com/securityalert/2285
http://www.securityfocus.com/archive/1/435166/30/4680/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26720

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
	cpe:2.3:o:hp:hp-ux::::::::
	cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:::::::*
	cpe:2.3:o:ibm:aix::::::::
	cpe:2.3:o:ibm:os2::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2003_server:sp2:::::::*
	cpe:2.3:o:microsoft:windows_95::::::::
	cpe:2.3:o:microsoft:windows_98::gold::::::*
	cpe:2.3:o:microsoft:windows_98se::::::::
	cpe:2.3:o:microsoft:windows_me::::::::
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*
	cpe:2.3:o:microsoft:windows_xp::gold::::::*
	cpe:2.3:o:santa_cruz_operation:sco_unix::::::::
	cpe:2.3:o:sun:solaris::::::::
	cpe:2.3:o:windriver:bsdos::::::::

cpe:2.3:a:super_link_exchange_script:super_link_exchange_script:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:24

Type	Values Removed	Values Added
References	~~() http://securityreason.com/securityalert/2285 -~~	() http://securityreason.com/securityalert/2285 -
References	~~() http://www.securityfocus.com/archive/1/435166/30/4680/threaded -~~	() http://www.securityfocus.com/archive/1/435166/30/4680/threaded -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 -

Information

Published : 2007-02-23 03:28

Updated : 2024-11-21 00:24

NVD link : CVE-2006-7034

Mitre link : CVE-2006-7034

CVE.ORG link : CVE-2006-7034

JSON object : View

Products Affected

santa_cruz_operation

sco_unix

tru64
hp-ux

microsoft

windows_98se
windows_2003_server
windows_me
windows_nt
windows_xp
windows_2000
windows_95
windows_98

super_link_exchange_script

super_link_exchange_script

ibm

sun

solaris

linux

linux_kernel

apple

mac_os_x

windriver

bsdos

CWE

NVD-CWE-Other

7.5 /10