7.5

CVE-2006-0759

EPSS 1.64%
Veröffentlicht 18.02.2006 02:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hivemail ≫ Hivemail Version1.1

Hivemail ≫ Hivemail Version1.1.1

Hivemail ≫ Hivemail Version1.2

Hivemail ≫ Hivemail Version1.2.1_beta1

Hivemail ≫ Hivemail Version1.2.1_rc

Hivemail ≫ Hivemail Version1.2.2

Hivemail ≫ Hivemail Version1.2_sp1

Hivemail ≫ Hivemail Version1.3

Hivemail ≫ Hivemail Version1.3_beta1

Hivemail ≫ Hivemail Version1.3_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.64%	0.812

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.html

Vendor Advisory

http://forum.hivemail.com/showthread.php?p=26745

http://secunia.com/advisories/18807

http://www.gulftech.org/?node=research&article_id=00098-02102006

Vendor Advisory

http://www.securityfocus.com/bid/16591

http://www.vupen.com/english/advisories/2006/0527

http://securityreason.com/securityalert/422

https://exchange.xforce.ibmcloud.com/vulnerabilities/24623

https://nvd.nist.gov/vuln/detail/CVE-2006-0759

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0759

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0759

EUVD