ID CVE-2006-3292
Summary SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
References
Vulnerable Configurations
  • cpe:2.3:a:jaws:jaws:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:jaws:jaws:0.6.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 18665
bugtraq 20060626 Jaws <= 0.6.2 'Search gadget' SQL injection
confirm http://www.jaws-project.com/index.php?blog/show/29
misc http://retrogod.altervista.org/JAWS_062_sql.html
secunia 20842
sreason 1165
vupen ADV-2006-2546
xf jaws-search-gadget-sql-injection(27334)
Last major update 18-10-2018 - 16:46
Published 28-06-2006 - 23:05
Last modified 18-10-2018 - 16:46
Back to Top