ID CVE-2006-0107
Summary SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108.
References
Vulnerable Configurations
  • cpe:2.3:a:idea_development_id_oy:timecan_cms:*:*:*:*:*:*:*:*
    cpe:2.3:a:idea_development_id_oy:timecan_cms:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16159
osvdb 22252
secunia 18324
xf timecancms-sql-injection(24014)
Last major update 20-07-2017 - 01:29
Published 07-01-2006 - 00:03
Last modified 20-07-2017 - 01:29
Back to Top