NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-0115

Summary	Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
Publication Date	Jan. 9, 2006, 8:03 p.m.
Registration Date	Jan. 29, 2021, 3:29 p.m.
Last Update	Sept. 8, 2011, 1 p.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:oneplug_solutions:oneplug_cms::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/ref/22/22248-oneplug.txt	MISC	Exploit
2	http://secunia.com/advisories/18325	SECUNIA	Exploit Vendor Advisory
3	http://www.osvdb.org/22248	OSVDB	Exploit
4	http://www.osvdb.org/22249	OSVDB	Exploit
5	http://www.osvdb.org/22250	OSVDB	Exploit
6	http://www.securityfocus.com/bid/16155	BID	Exploit
7	http://www.vupen.com/english/advisories/2006/0079	VUPEN	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-89	SQLインジェクション	https://cwe.mitre.org/data/definitions/89.html