Vulnerability Details : CVE-2006-0669
Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a VBScript parsing error based on invalid arguments.
Vulnerability category: SQL Injection
Products affected by CVE-2006-0669
- cpe:2.3:a:gasoft:gas_forum_light:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0669
- EPSS score: 0.32% (probability of exploitation activity in the next 30 days)
- Percentile: ~66% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-0669
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-0669
- http://securitytracker.com/id?1015600 (securitytracker.com; Exploit)
- http://www.attrition.org/pipermail/vim/2006-February/000561.html ([VIM] vendor dispute for CVE-2006-0669)
- http://www.securityfocus.com/bid/16563 (Exploit)
- http://www.osvdb.org/23509 (404 Not Found)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24616 (Vulnerability Report)