Vulnerability Details : CVE-2006-0444
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
Vulnerability category: Sql InjectionCross site scripting (XSS)
Products affected by CVE-2006-0444
- cpe:2.3:a:phpclanwebsite:phpclanwebsite:1.23.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0444
0.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0444
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2006-0444
Jump to