CVE-2006-0581

{"id": "CVE-2006-0581", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-02-08T01:02:00.000", "references": [{"url": "http://secunia.com/advisories/18731", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015584", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22982", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22983", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0460", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24537", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18731", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015584", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/22982", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/22983", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/0460", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24537", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en Hosting Controller 6.1 Hotfix 2.8 permite a usuarios remotos autenticados ejecutar \u00f3rdenes SQL de su elecci\u00f3n mediante el par\u00e1metro (1) GatewayID en una acci\u00f3n a\u00f1adir en AddGatewaySettings.asp y (2) el par\u00e1metro IP en IPManager.asp."}], "lastModified": "2024-11-21T00:06:47.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F0B0DB0-92F4-4F62-8962-0723633540BB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}