CVE-2006-0913

Sažetak

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.

Reference

http://secunia.com/advisories/18979
http://www.osvdb.org/23378
http://www.securityfocus.com/archive/1/425584/100/0/threaded
http://www.securityfocus.com/bid/16738
http://www.vupen.com/english/advisories/2006/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=312498
https://exchange.xforce.ibmcloud.com/vulnerabilities/24819

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:29

Objavljeno

28-02-2006 - 11:02