5.5
CVE-2006-0913
- EPSS 1.02%
- Veröffentlicht 28.02.2006 11:02:00
- Zuletzt bearbeitet 16.06.2026 22:21:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.02% | 0.588 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:P
|
http://secunia.com/advisories/18979
http://www.osvdb.org/23378
http://www.securityfocus.com/archive/1/425584/100/0/threaded
http://www.securityfocus.com/bid/16738
http://www.vupen.com/english/advisories/2006/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=312498
https://exchange.xforce.ibmcloud.com/vulnerabilities/24819