6.8

CVE-2006-6274

Exploit

EPSS 1.58%
Veröffentlicht 04.12.2006 11:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter.  NOTE: early reports of this issue reported it as XSS, but this was erroneous.  The original report was for News Manager, but there is strong evidence that the correct product is Publisher.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Expinion.Net ≫ Inews Publisher Version <= 2.5

Expinion.Net ≫ News Manager

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.58%	0.811

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/23123

Vendor Advisory

http://www.securityfocus.com/bid/21296

Exploit

http://www.vupen.com/english/advisories/2006/4707

https://exchange.xforce.ibmcloud.com/vulnerabilities/30510

http://attrition.org/pipermail/vim/2006-November/001147.html

http://securityreason.com/securityalert/1956

http://www.aria-security.com/forum/showthread.php?t=40

Exploit

http://www.securityfocus.com/archive/1/452572/100/0/threaded

https://nvd.nist.gov/vuln/detail/CVE-2006-6274

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6274

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6274

EUVD