CVE-2006-3348

{"id": "CVE-2006-3348", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-07-03T19:05:00.000", "references": [{"url": "http://pridels0.blogspot.com/2006/06/hspcomplete-vuln.html", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27379", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de SQL en HSPcomplete 3.2.2 y 3.3 beta y anteriores permiten a atacantes remotos ejecutar comandos SQL a trav\u00e9s de los par\u00e1metros (1) type en report.php y (2) level en custom_buttons.php."}], "lastModified": "2017-07-20T01:32:15.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:swsoft:hspcomplete:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFEE3B68-0601-4D6F-BB96-9FB6E3F19A14", "versionEndIncluding": "3.3_beta"}, {"criteria": "cpe:2.3:a:swsoft:hspcomplete:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B35FFC8A-8439-47F5-85D2-FC37999DEB46"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}