CVE-2006-6157

CVSS V2 High 7.5 CVSS V3 None
Description
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
Overview
  • CVE ID
  • CVE-2006-6157
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2006-11-28T23:28:00
  • Last Modified Date
  • 2018-10-17T21:46:59
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:michaelis_freunde:contentnow:*:*:*:*:*:*:*:* 1 OR 1.39
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl Exploit
http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437
http://www.securityfocus.com/bid/21237 Patch
http://securitytracker.com/id?1017265
http://secunia.com/advisories/23005 Vendor Advisory
http://securityreason.com/securityalert/1925
http://www.vupen.com/english/advisories/2006/4663 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30459
https://www.exploit-db.com/exploits/2822
http://www.securityfocus.com/archive/1/452231/100/100/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2006-6157
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6157
History
Created Old Value New Value Data Type Notes
2022-05-10 18:10:55 Added to TrackCVE