mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
89 lines
2.7 KiB
JSON
89 lines
2.7 KiB
JSON
{
|
|
"id": "CVE-2006-6457",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2006-12-11T17:28:00.000",
|
|
"lastModified": "2024-11-21T00:22:44.020",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "tiki-wiki_rss.php en Tikiwiki 1.9.5, 1.9.2, y posiblemente otras versiones permite a atacantes remotos obtener informaci\u00f3n sensible (nombre de usuario y contrase\u00f1a MySQL) mediante un par\u00e1metro ver inv\u00e1lido (largo o negativo), lo cual filtra la informaci\u00f3n en un mensaje de error."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"baseScore": 5.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/452639/100/200/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/452639/100/200/threaded",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |