6.5

CVE-2006-4444

Exploit

EPSS 1.6%
Veröffentlicht 29.08.2006 23:04:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cybozu ≫ Garoon Version2.1.0_for_windows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.6%	0.809

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://cybozu.co.jp/products/dl/notice_060825/

http://secunia.com/advisories/21664

Patch

Vendor Advisory

Exploit

http://vuln.sg/cybozugaroon-en.html

http://www.osvdb.org/28361

http://www.osvdb.org/28362

http://www.osvdb.org/28363

http://www.osvdb.org/28364

http://www.osvdb.org/28365

http://www.osvdb.org/28366

http://www.securityfocus.com/bid/19731

Patch

Exploit

http://www.vupen.com/english/advisories/2006/3399

https://exchange.xforce.ibmcloud.com/vulnerabilities/28594

https://nvd.nist.gov/vuln/detail/CVE-2006-4444

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4444

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4444

EUVD