CVE-2006-5840
CVSS V2 High 7.5
CVSS V3 None
Description
** DISPUTED ** Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version.
Overview
- CVE ID
- CVE-2006-5840
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2006-11-10T02:07:00
- Last Modified Date
- 2018-10-17T21:45:23
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:abarcar:abarcar_realty_portal:5.1.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:abarcar:abarcar_realty_portal:6.0.1:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 7.5
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 6.4
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2006-5840 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5840 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 18:11:44 | Added to TrackCVE |