
{
"id": "CVE-2006-1372",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-03-24T02:02:00.000",
"lastModified": "2024-11-21T00:08:41.953",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:benson_it_solutions:1webcalendar:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "643C9F88-65F9-48F7-93CB-A28549228A3F"
}
]
}
]
}
],
"references": [
{
"url": "http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/19329",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://www.osvdb.org/24021",
"source": "cve@mitre.org"
},
{
"url": "http://www.osvdb.org/24022",
"source": "cve@mitre.org"
},
{
"url": "http://www.osvdb.org/24023",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/17193",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2006/1040",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25373",
"source": "cve@mitre.org"
},
{
"url": "http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/19329",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "http://www.osvdb.org/24021",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.osvdb.org/24022",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.osvdb.org/24023",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/17193",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.vupen.com/english/advisories/2006/1040",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25373",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
],
"vendorComments": [
{
"organization": "Benson Solutions",
"comment": "WebCalendar v4 has been updated to include fixes that filter the url numeric and date variables in question and prevent non-numeric and non-date values from being passed to the SQL queries. This fixes the problems with the pages in question. http://www.bensonitsolutions.com/Calendar/v4/",
"lastModified": "2007-01-03T00:00:00"
}
]
}