ID |
CVE-2006-0939
|
Summary |
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 20-07-2017 - 01:30) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 16828 | bugtraq | 20060225 SQL Injection in DCI-Taskeen | sectrack | 1015685 | sreason | 495 | xf | dci-taskeen-multiple-scripts-sql-injection(24963) |
|
Last major update |
20-07-2017 - 01:30 |
Published |
01-03-2006 - 02:02 |
Last modified |
20-07-2017 - 01:30 |