CVE-2006-5237

SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/22310	Vendor Advisory
http://www.bookmark-manager.com/CHANGES	URL Repurposed
http://www.securityfocus.com/bid/20417	Patch
http://www.vupen.com/english/advisories/2006/3958

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer::::::::
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.00:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.01:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.05:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.06:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.07:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.08:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.09:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.10:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.11:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.20:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.30:::::::*
	cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.40:::::::*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(CONFIRM) http://www.bookmark-manager.com/CHANGES -~~	(CONFIRM) http://www.bookmark-manager.com/CHANGES - URL Repurposed

Information

Published : 2006-10-12 00:07

Updated : 2024-02-28 11:01

NVD link : CVE-2006-5237

Mitre link : CVE-2006-5237

CVE.ORG link : CVE-2006-5237

JSON object : View

Products Affected

blue_smiley_organizer

blue_smiley_organizer

CWE

NVD-CWE-Other

{"id": "CVE-2006-5237", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-10-12T00:07:00.000", "references": [{"url": "http://secunia.com/advisories/22310", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.bookmark-manager.com/CHANGES", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20417", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3958", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en el Blue Smiley Organizer en versiones anteriores a la 4.46, permite a los atacantes remotos la ejecuci\u00f3n de comandos SQL de manera arbitraria, mediante vectores no especificados."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D3EFC6-9144-40C6-AA65-1FA2D117AD81", "versionEndIncluding": "4.45"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60D328A7-EE91-417B-9B2A-2C8CC964FBB7"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD8312FB-C5A4-443A-B1BE-0D23F45D5C45"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4CF4DED-5AD0-43A3-8317-7E276ED7B8B5"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C375346-D2AA-4D29-B260-BE992856C788"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A1320F6-F451-478F-A04F-275677F9CF4A"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D3BC9A9-6FC4-4B76-A0BC-7CC3B62DCC6F"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AAEEA1F-AC05-4E3A-91F5-5F359B99A9AB"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1420E52-516B-4D7D-8E55-91D06920B24A"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8521DD6E-B498-4504-BC6B-B0B55BF2618B"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95095AD7-3061-42AD-A442-44705D9A93F1"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B885C149-2C1A-4BA2-8A54-C01813D1E640"}, {"criteria": "cpe:2.3:a:blue_smiley_organizer:blue_smiley_organizer:4.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2473B0CB-526B-4C8A-AA04-3BB7973627B9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}