CVE-2006-0913

high

Description

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24819

http://www.vupen.com/english/advisories/2006/0692

http://www.securityfocus.com/bid/16738

http://www.securityfocus.com/archive/1/425584/100/0/threaded

http://www.osvdb.org/23378

http://secunia.com/advisories/18979

Details

Source: Mitre, NVD

Published: 2006-02-28

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics