7.5
CVE-2006-3236
- EPSS 1.39%
- Veröffentlicht 27.06.2006 10:05:00
- Zuletzt bearbeitet 16.06.2026 22:26:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Thinkfactory ≫ Thinkwms Version <= 1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.39% | 0.687 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html
http://secunia.com/advisories/20747
http://securitytracker.com/id?1016355
http://www.osvdb.org/26742
http://www.osvdb.org/26743
http://www.securityfocus.com/bid/18567
http://www.vupen.com/english/advisories/2006/2470
https://exchange.xforce.ibmcloud.com/vulnerabilities/27270