CVE-2006-3430

critical

Description

SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27545

http://www.vupen.com/english/advisories/2006/2596

http://www.vupen.com/english/advisories/2006/2595

http://www.securityfocus.com/bid/18715

http://www.securityfocus.com/archive/1/438710/100/0/threaded

http://securitytracker.com/id?1016405

http://securityreason.com/securityalert/1200

http://secunia.com/advisories/20878

http://secunia.com/advisories/20876

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html

Details

Source: Mitre, NVD

Published: 2006-07-07

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical