7.5

CVE-2006-6233

EPSS 0.47%
Published 02.12.2006 11:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Postnuke Software Foundation ≫ Postnuke Version0.76_rc4

Postnuke Software Foundation ≫ Postnuke Version0.76_rc4a

Postnuke Software Foundation ≫ Postnuke Version0.76_rc4b

Postnuke Software Foundation ≫ Postnuke Version0.760_rc2

Postnuke Software Foundation ≫ Postnuke Version0.760_rc3

Postnuke Software Foundation ≫ Postnuke Version0.760_rc4

Postnuke Software Foundation ≫ Postnuke Version0.761

Postnuke Software Foundation ≫ Postnuke Version0.761a

Postnuke Software Foundation ≫ Postnuke Version0.762

Postnuke Software Foundation ≫ Postnuke Version0.763

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.635

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://exchange.xforce.ibmcloud.com/vulnerabilities/27501

http://securityreason.com/securityalert/1952

http://www.securityfocus.com/archive/1/437832/100/200/threaded

https://nvd.nist.gov/vuln/detail/CVE-2006-6233

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6233

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6233

EUVD