CVE-2006-0107 - SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands

CVE-2006-0107

Summary

SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108.

References

http://secunia.com/advisories/18324
http://www.osvdb.org/22252
http://www.securityfocus.com/bid/16159
https://exchange.xforce.ibmcloud.com/vulnerabilities/24014

Vulnerable Configurations

cpe:2.3:a:idea_development_id_oy:timecan_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:idea_development_id_oy:timecan_cms:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16159
osvdb	22252
secunia	18324
xf	timecancms-sql-injection(24014)

Last major update

20-07-2017 - 01:29

Published

07-01-2006 - 00:03

Last modified

20-07-2017 - 01:29