Vulnerability Details CVE-2006-1572
SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/19481
- http://securityreason.com/securityalert/658
- http://www.osvdb.org/24287
- http://www.securityfocus.com/archive/1/429474/100/0/threaded
- http://www.securityfocus.com/bid/17324
- http://www.vupen.com/english/advisories/2006/1181
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25570
- http://secunia.com/advisories/19481
- http://securityreason.com/securityalert/658
- http://www.osvdb.org/24287
- http://www.securityfocus.com/archive/1/429474/100/0/threaded
- http://www.securityfocus.com/bid/17324
- http://www.vupen.com/english/advisories/2006/1181
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25570
Products affected by CVE-2006-1572
-
cpe:2.3:a:o2php.com:oxygen:1.0.11
-
cpe:2.3:a:o2php.com:oxygen:1.1
-
cpe:2.3:a:o2php.com:oxygen:1.1.1
-
cpe:2.3:a:o2php.com:oxygen:1.1.2
-
cpe:2.3:a:o2php.com:oxygen:1.1.3