Vulnerability Details : CVE-2006-3662
Potential exploit
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1
Vulnerability category: SQL Injection
Products affected by CVE-2006-3662
- cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3662
- 0.55%: Probability of exploitation activity in the next 30 days
- ~65%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3662
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-3662
- http://www.securityfocus.com/bid/18898 (Exploit)
- http://www.securityfocus.com/archive/1/440837/100/100/threaded
- http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html (Exploit)
- http://www.securityfocus.com/archive/1/439873/100/100/threaded
- http://www.osvdb.org/28188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27620 (ATutor index.php SQL injection CVE-2006-3662 Vulnerability Report)